[Dnsmasq-discuss] filter-rr does not work as documentation describes
gresser at riseup.net
gresser at riseup.net
Tue Jun 23 01:04:18 UTC 2026
https://dnsmasq.org/docs/dnsmasq-man.html 's "filter-rr" section says 2
things:
1. "Remove records of the specified type(s) from answers."
2. "filter-rr=ANY has a special meaning: it filters replies to queries
for type ANY. Everything other than A, AAAA, MX and CNAME records are
removed."
Well, both behavior described in documentation does not appear working.
> "Remove records of the specified type(s) from answers."
"PTR" is not filtered.
I added "filter-rr=TXT,MX,HTTPS,SRV,PTR" and restarted dnsmasq.
- "TXT" requests still got send but correctly removed (EDE: 17
(Filtered))
query[TXT] eicar.org from 127.0.0.1
forwarded eicar.org to 8.8.8.8#53
- BUT, "PTR" doesn't get filtered by dnsmasq.
ANSWER SECTION: <-- no EDE Filtered
> filter-rr=ANY
I was expecting "Everything other than A, AAAA, MX and CNAME records are
removed" like you said in documentation.
- "dig eicar.org MX" returns (expected as described)
eicar.org. 86400 IN MX 10
mail017.webhosting.manitu.net.
- Type TXT: "dig github.org TXT" returns
github.com. 3600 IN TXT
"docusign=087098e3-3d46-47b7-9b4e-8a23028154cd"
- Type PTR: "dig 1.1.1.1.in-addr.arpa" also returned answer.
> Conclusion
Why I can't block PTR, and why ANY doesn't working as advertised?
# dpkg --list|grep dnsmasq
ii dnsmasq 2.91-1+deb13u1
all Small caching DNS proxy and DHCP/TFTP server - system
daemon
ii dnsmasq-base 2.91-1+deb13u1
amd64 Small caching DNS proxy and DHCP/TFTP server -
executable
More information about the Dnsmasq-discuss
mailing list