[Dnsmasq-discuss] The filterwin2k option will make the dig command fail to query SOA.
Geoff Back
geoff at demonlair.co.uk
Sat Jan 1 15:49:37 UTC 2022
On 01/01/2022 15:27, Andreas Metzler wrote:
> On 2022-01-01 Aaron Jones <me-0HtfSeinixJQY5hu7U7n2A at public.gmane.org> wrote:
>> On 01/01/2022 05:30, Hongyi Zhao wrote:
>>> If I enable the filterwin2k option, the dig command will fail to query
>>> SOA, say, for the following ones:
>>> $ dig +short SOA bp.hyddns.xyz
>>> www.hyddns.xyz.
>>> $ dig +short SOA hyddns.xyz
>>> donald.dnspod.net. freednsadmin.dnspod.com. 1640510300 3600 180 1209600 180
>>> When filterwin2k option is enabled, nothing will be returned by the
>>> above commands.
> [...]
>
>> This is working as designed. From the manpage [1]:
>> -f, --filterwin2k
>> Later versions of windows make periodic DNS requests which don't get
>> sensible answers from the public DNS and can cause problems by
>> triggering dial-on-demand links. This flag turns on an option to filter
>> such requests. The requests blocked are for records of types SOA and
>> SRV, and type ANY where the requested name has underscores, to catch
>> LDAP requests.
> [...]
>
> The manpage says "The requests blocked are for records [...] where
> the requested name has underscores". The test-query shown above is not
> for a name with underscores. So, afaict not working as documented.
>
> cu Andreas
>
I'm afraid you are misinterpreting the man page. Without the part you
elided, as quoted above, it specifies that blocking is for **all**
queries of type SOA and SRV, plus the subset of queries with type=ANY
that contain underscores.
Regards,
Geoff.
--
Geoff Back
What if we're all just characters in someone's nightmares?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220101/eeb0b59a/attachment.htm>
More information about the Dnsmasq-discuss
mailing list