On Tue, 01 Mar 2005 11:16:54 -0500, you wrote:

>Yes, it will work, almost exactly as you describe actually (though there are 
>better ways of going about it using a file separate from /etc/hosts). Read 
>the /etc/dnsmasq.conf file for examples and further detail. (There is even 
>an example that changes all domains matching doubleclick.net to 127.0.0.1, 
>which when combined with apache and virtual hosting makes for a very simple 
>yet effective ad blocker) 

OT: I have apache (1.3.?) set up with virtual hosting, what do you 
do to use it as an ad-blocker?
>
>Eric S. Johansson writes: 
>
>> I'm very impressed by the capabilities of dnsmasq but I try to find out if 
>> what I want can be done without going to full bind. 
>> 
>> the network here is a classic red/green/orange security zone. 

>Eric S. Johansson also writes:

>It seems to me that in order to get the behavior I want, I will need to 
>tell dnsmasq to not use resolv.conf but instead use name servers 
>specified by server.  Then I can have resolv.conf pointed at localhost.
>
You may stop dnsmasq going 'outside' for localnet lookups by 
listing local machines in an additional hosts file.  From inside 
all machines visible, from outside only what you want is visible.

Example: firewall web server may deliver NFS mount content from 
other localnet machines.  Mountpoints have 'offline' message when 
not in operation.  Haven't had second morning coffee yet :)

Cheers,
Grant.
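
An added illustration of the dnsmasq options this thread refers to, not taken from any of the posters: a dnsmasq.conf fragment that ignores resolv.conf, names its upstream servers explicitly, serves local machines from a separate hosts file, and answers 127.0.0.1 for an ad domain. The upstream address 192.0.2.53, the path /etc/hosts.localnet and the domain name "localnet" are placeholders chosen for the example.

```conf
# /etc/dnsmasq.conf (fragment, constructed example)

# Do not read upstream nameservers from /etc/resolv.conf.
# /etc/resolv.conf on this host can then contain only:
#   nameserver 127.0.0.1
# so that local programs query dnsmasq itself.
no-resolv

# Upstream nameserver, given explicitly (placeholder address).
server=192.0.2.53

# Names of local machines live in a file separate from /etc/hosts
# (placeholder path), in the usual "address name" hosts format.
addn-hosts=/etc/hosts.localnet

# Queries for names under this domain (placeholder name) are answered
# from the hosts files only and are never forwarded upstream.
local=/localnet/

# Every name in doubleclick.net resolves to 127.0.0.1, so requests for
# it reach whatever web server is listening on the loopback address.
address=/doubleclick.net/127.0.0.1
```

Running `dnsmasq --test` after editing checks the file's syntax before the service is restarted.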

