[Dnsmasq-discuss] NXDOMAIN entries in addn-host file
Petr Menšík
pemensik at redhat.com
Tue May 7 21:20:37 UTC 2024
I think that can already be specified by --server-file. Each domain
would be listed as --server=/blocked.example.net/, which implements just
the --local= option. Of course, that requires some decoration around just a
list of domains. It is not possible to load a plain domain-per-line file
into dnsmasq.

You can also use --conf-script to generate a blocklist. I think
server-file can reload updated information after SIGHUP is received. I
doubt conf-script can do the same, although the example in the man page uses
a blocklist definition. But I have not verified that myself.

Cheers,
Petr
On 5/7/24 13:14, Steffen Greber wrote:
> I know in the addn-host you can specify additional hosts files. It
> would be great to extend the syntax, so we can block some domains
> (IPv4 and IPv6).
> Currently I add some domains with 127.0.0.1 or 0.0.0.0 to blacklist
> them, but it seems not to be really the same as being resolved to
> NXDOMAIN, since (some) tools then try to connect to the specified IPs.
> The background is, I have some services running on a local machine. An
> entry in the addnhost file is only made if the service is running. So,
> if a service now dies (or is deactivated) and another service tries to
> resolve it by its name, the IP cannot be resolved locally and the
> request is forwarded to the upstream resolver (which in my case leads
> to a security issue).
>
> Another solution would be to use the *bogus-nxdomain* so I can map my
> services to a specific IP and define it as a bogus-nxdomain. But this
> option seems not to be working with domains defined in the addn-hosts
> files.
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
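
The "decoration" described in the reply above, as an added example that is not part of the original message or of dnsmasq: a shell function that turns a plain domain-per-line list into `server=/domain/` lines suitable for a file loaded with dnsmasq's `--servers-file` option. The function name and the sample input in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: read a domain-per-line blocklist on stdin and write
# one "server=/<domain>/" line per unique domain on stdout. An entry with
# no upstream address marks the domain as local, so dnsmasq answers it
# from hosts/DHCP data only and never forwards it upstream.
blocklist_to_servers() {
    awk '
    {
        sub(/#.*/, "")              # strip full-line and inline comments
        sub(/^[ \t]+/, "")          # trim leading whitespace
        sub(/[ \t\r]+$/, "")        # trim trailing whitespace and DOS CRs
        name = tolower($0)
        sub(/\.$/, "", name)        # drop a trailing root dot
        if (name == "") next
        # Accept only dot-separated labels made of letters, digits, hyphen
        # and underscore. Lines containing "/", spaces or option syntax are
        # rejected so list contents cannot alter the generated option.
        if (length(name) > 253 ||
            name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)*$/) {
            printf "skipped line %d: %s\n", NR, $0 > "/dev/stderr"
            next
        }
        if (!seen[name]++) print "server=/" name "/"
    }'
}

# Constructed sample input:
#   Ads.Example.NET
#   tracker.example.org.   # inline comment
#   bad/entry.example
# Output:
#   server=/ads.example.net/
#   server=/tracker.example.org/
# (the third line is reported on stderr and skipped)
```

Write the output to a temporary file, rename it over the file named by `--servers-file`, then send dnsmasq SIGHUP so the list is re-read.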