[Dnsmasq-discuss] URIBL_BLOCKED with dnsmasq and server options
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Aug 31 16:07:56 UTC 2022
>>On 18.08.22 11:08, Jelle de Jong wrote:
>> > I understand dnsmasq is a forwarding DNS server and I was wondering
>> > if there is a way to configure it to do DNS lookups using its own IP
>> > external address instead of the server forwarders, maybe just for
>> > URIBL lookups ...
>On 8/30/22 17:41, Buck Horn wrote:
>>It isn't entirely clear to me what you are trying to achieve.
>>
>>Your suggestion sounds as if you'd want your dnsmasq to use its own
>>external IP address instead of a public DNS resolver as an upstream
>>forward target.
this is common advice when running a mailserver or anything that queries
public DNS lists - send queries from your IP, don't forward them elsewhere.
>> I wouldn't recommend that, as that would close a DNS loop.
???
>>But since you mention URIBL:
>>Maybe you are just looking for a way to avoid being rate-limited or
>>outright blocked when doing URIBL lookups via a public resolver?
public resolver or local isp resolver - they all can be blocked at public
DNS lists. I guess those lists only care about number of queries and block
anything that exceeds their limits.
>>dnsmasq's *server* option is likely what you need, and it's well
>>explained at
>>https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
>>
>>You could start by giving the following line a try:
>>server=/uribl.com/<URIBL DNS mirror here>
On 30.08.22 21:09, Jelle de Jong wrote:
>I tried this, but that is not working, as expected as the mirrors are
>not DNS resolving mirrors but just alternatives for uribl.com as far
>as I can see.
>
>server=/uribl.com/ff.uribl.com
>server=/uribl.com/54.153.32.255
this may or may not work. however this requires manual configuration for
every list used and occasional tuning (they may add and lose servers).
too much manual work imho.
>However Eric Fahlgren suggested unbound.
I have asked before and I'm asking again:
If you already use an iterative DNS server instead of forwarding, what's the
point of using dnsmasq?
I'm not saying there's no such reason, you may have one - and you may not
have, in which case directly using BIND, kresd or unbound would be easier to
maintain.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
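
Added example, not part of the original message and not dnsmasq code: a small linter for the `server=` lines discussed in this thread. It flags targets that are not IP addresses (dnsmasq's `server` option takes an address, so `ff.uribl.com` is not usable there) and reports DNS list zones that would still go out through the default forwarders. The local resolver at `127.0.0.1#5335`, the forwarder `192.0.2.53` and all function names are assumptions; it checks syntax and routing only, not whether the target actually answers.

```python
import ipaddress

# Constructed sample: the two lines quoted in the thread, a local iterative
# resolver (address and port are assumptions) and a default forwarder.
SAMPLE_CONF = """\
server=/uribl.com/ff.uribl.com
server=/uribl.com/54.153.32.255
server=/uribl.com/127.0.0.1#5335
server=192.0.2.53
"""

def parse_server(line):
    """Return (domains, target) for a 'server=' line, None for anything else."""
    key, sep, value = line.strip().partition("=")
    if not sep or key.strip() != "server":
        return None
    domains, value = [], value.strip()
    if value.startswith("/"):
        parts = value.split("/")
        domains, value = [d for d in parts[1:-1] if d], parts[-1]
    return domains, value

def target_is_ip(target):
    """True for an IP literal; '#port' and '@interface/source' suffixes are ignored."""
    addr = target.split("@", 1)[0].split("#", 1)[0]
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False

def check(conf_text, dnsbl_zones=("uribl.com",)):
    """Return (problems, uncovered): non-IP targets as (line, target), and
    DNSBL zones whose queries still go to the default forwarders."""
    problems, covered = [], set()
    for n, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_server(line)
        if parsed is None:
            continue
        domains, target = parsed
        if target in ("", "#"):  # '' = local only, '#' = use the standard servers
            continue
        if not target_is_ip(target):
            problems.append((n, target))
            continue
        for zone in dnsbl_zones:
            if any(zone == d or zone.endswith("." + d) for d in domains):
                covered.add(zone)
    return problems, [z for z in dnsbl_zones if z not in covered]
```

Calling `check(SAMPLE_CONF)` reports line 1 as a bad target and no uncovered zones.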