[Dnsmasq-discuss] Allow IP address in nftset
Petr Menšík
pemensik at redhat.com
Thu Mar 30 10:16:49 UTC 2023
I think IP addresses never make it to dnsmasq, they stay at clients. So
dnsmasq cannot add them anywhere into tables. Domain name queries go
trough dnsmasq so it can manage them. Is there something I am missing?
I think IP-only tables should be managed by something else than dnsmasq.
I expect different tools can add into common table, but never tried myself.
On 3/26/23 23:10, Kurt Fitzner via Dnsmasq-discuss wrote:
> Yes, it's OpenWrt. I'm on master, recently compiled. In general
> nftset works fine, it just only seems to work for hostnames and not
> for IP addresses:
>
> nftset=/cooper.logs.roku.com/4#inet#fw4#adb4
> nftset=/99.83.154.118/4#inet#fw4#adb4
>
> The former works. The latter never appears in the ruleset.
>
> It would be handy if IP addresses could work too. This would make it,
> for example, so that DoH blocklists (IP only) could work alongside
> adblock block lists (hostnames).
>
> Kurt
>
> On 2023-03-26 17:33, Eric Fahlgren wrote:
>
>> Hi Kurt,
>>
>> Could it be that your dnsmasq is too old? Can I assume OpenWrt?
>> Dnsmasq is currently at 2.86 on the release branch 22.03, and is
>> missing the nftset stuff, but SNAPSHOT is at 2.89, so it should work
>> there...
>>
>> Eric
>>
>> On Sun, Mar 26, 2023 at 1:15 PM Kurt Fitzner via Dnsmasq-discuss
>> <dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
>>
>>> Is there a way to have dnsmasq support the use of IP addresses in
>>> nftset
>>> directives? I cannot get it to work, though I can't see any reason why
>>> it shouldn't.
>>>
>>> Thanks.
>>>
>>> Kurt Fitzner
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
More information about the Dnsmasq-discuss
mailing list