[Dnsmasq-discuss] The filterwin2k option will make the dig command fail to query SOA.

Simon Kelley simon at thekelleys.org.uk
Thu Jan 6 23:14:22 UTC 2022


On 01/01/2022 17:11, Andreas Metzler wrote:
> On 2022-01-01 Dominik Derigs <dl6er at dl6er.de> wrote:
>> On Sat, 2022-01-01 at 16:27 +0100, Andreas Metzler wrote:
>>> The manpage says "The requests blocked are for records [...]
>>> where the requested name has underscores". The test-query shown
>>> above is not for a name with underscores. So, afaict not working
>>> as documented.
> 
>> you have removed relevant parts when quoting that changed
>> meaning. The man page says
> 
>>> The requests blocked are for records of types SOA and SRV, and
>>> type ANY where the requested name has underscores, to catch LDAP
>>> requests.
> 
>> where two parts are mentioned:
> 
>>> records of types SOA and SRV,
> 
>> and
> 
>>> and type ANY where the requested name has underscores
> 
>> I just checked the code. This is exactly what happens
> 
>> SOA and SRV are always blocked, ANY only with underscores. To me,
>> this seems clear from the man text because of the first and
>> exclusively connecting SOA and SRV and then ANY + underscores
>> following thereafter.
> 
> I considered this to be a possible reading but the preceding text said
> that the feature was for filtering out "requests which don't get
> sensible answers from the public DNS" and my brain refused to put any
> and all SRV requests in this box. ;-)
> 
>> I see the man page wording could be improved.
> 
> How about
> ---------------
> diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
> index 4de8969..96338b3 100644
> --- a/man/dnsmasq.8
> +++ b/man/dnsmasq.8
> @@ -346,6 +346,7 @@ forged answer to a DNS request for certain domain, before the correct answer can
>  Later versions of windows make periodic DNS requests which don't get sensible answers from
>  the public DNS and can cause problems by triggering dial-on-demand links. This flag turns on an option
> -to filter such requests. The requests blocked are for records of types SOA and SRV, and type ANY where the 
> -requested name has underscores, to catch LDAP requests.
> +to filter such requests. The requests blocked are for records of type ANY
> +where the requested name has underscores, to catch LDAP requests, and for
> +\fBall\fP records of types SOA and SRV.
>  .TP
>  .B --filter-A
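
Review bot: The added sentence ending in "\fBall\fP records of types SOA and SRV" still sits under the unchanged lead-in "which don't get sensible answers from the public DNS ... to filter such requests", so the paragraph still reads as if only those Windows-originated lookups are affected. Consider adding one more sentence saying that SOA and SRV queries for any name are blocked while this flag is set, since that side effect is what the thread subject reports. Minor: "windows" in the first context line could be capitalized while this paragraph is being touched.
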
> ---------------
> 
> cu Andreas
> 

Patch applied. A definite improvement.


Cheers,

Simon.
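
The rule the thread settles on, as an added example that is not dnsmasq's own code: a small C check that parses the question of a raw DNS query and reports whether the documented filterwin2k rule would block it. The function names and the sample queries are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { T_SOA = 6, T_SRV = 33, T_ANY = 255 };   /* RFC 1035 / RFC 2782 type codes */
/* Copy the first question's name (dotted) and QTYPE out of a raw DNS query.
   Returns 0 on success, -1 if the message is truncated or malformed. */
static int parse_question(const uint8_t *msg, size_t len,
                          char *name, size_t name_sz, uint16_t *qtype)
{
    size_t pos = 12, out = 0;                  /* fixed header is 12 bytes */
    if (len < 12 || ((msg[4] << 8) | msg[5]) < 1) return -1;   /* QDCOUNT >= 1 */
    for (;;) {
        if (pos >= len) return -1;
        uint8_t l = msg[pos++];
        if (l == 0) break;                     /* root label ends the name */
        if (l > 63) return -1;                 /* reject pointers / bad lengths */
        if (pos + l > len || out + l + 2 > name_sz) return -1;
        if (out) name[out++] = '.';
        memcpy(name + out, msg + pos, l);
        out += l; pos += l;
    }
    name[out] = '\0';
    if (pos + 4 > len) return -1;              /* QTYPE + QCLASS must follow */
    *qtype = (uint16_t)((msg[pos] << 8) | msg[pos + 1]);
    return 0;
}

/* Rule as stated in the thread: SOA and SRV for any name, ANY only when the
   name contains an underscore. Returns 1 = blocked, 0 = passed, -1 = bad input. */
int filterwin2k_blocks(const uint8_t *msg, size_t len)
{
    char name[256];
    uint16_t qtype;
    if (parse_question(msg, len, name, sizeof name, &qtype) != 0) return -1;
    if (qtype == T_SOA || qtype == T_SRV) return 1;
    return qtype == T_ANY && strchr(name, '_') != NULL;
}

/* Constructed sample queries (header: id 0x1234, RD set, QDCOUNT 1). */
#define HDR  "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
#define HOST "\x07" "example" "\x03" "com" "\x00"
#define LDAP "\x05" "_ldap" "\x04" "_tcp" HOST
const uint8_t Q_SOA[]  = HDR HOST "\x00\x06\x00\x01";   /* example.com SOA */
const uint8_t Q_SRV[]  = HDR LDAP "\x00\x21\x00\x01";   /* _ldap._tcp.example.com SRV */
const uint8_t Q_ANY[]  = HDR HOST "\x00\xff\x00\x01";   /* example.com ANY */
const uint8_t Q_ANYU[] = HDR LDAP "\x00\xff\x00\x01";   /* _ldap._tcp.example.com ANY */

int main(void) { return filterwin2k_blocks(Q_SOA, sizeof Q_SOA - 1) == 1 ? 0 : 1; }
```

The sample arrays are initialised from string literals, so pass `sizeof X - 1` as the length to leave out the trailing NUL.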



