-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/03/15 08:29, Chen Wei wrote: > This patch is mainly for blocking malware domains. > > Usage scenario: > > Let's say we want block malware.com, in dnsmasq configure file, > use: > > bogus-nxdomain=192.0.2.1 address=/malware.com/192.0.2.1 > > where 192.0.2.1 can be any ip that we know doesn't exist on the > LAN. > > Then the query for *.malware.com will return 0 answer, together > with the query status set to NXDOMAIN. > >
Why use a fake address. It seems more sensible to have some syntax which directly means "return NXDOMAIN". The code to decode --address is just the same as the code to decode - --server, and there's already a "special" value for the address in - --server - --server=/.google.com/# means "use the standard servers for *.google.com" we could re-use that syntax so that address=/malware.com/# means "return NXDOMAIN for *.malware.com" Seems cleaner. Simon. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlUF9Z4ACgkQKPyGmiibgrdy0gCgogJ1Akweow8ZafJHfEKOFfFl lIMAnjGkQujDN/CLXcOL2wMn1/b3yh27 =P4wJ -----END PGP SIGNATURE----- _______________________________________________ Dnsmasq-discuss mailing list [email protected] http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
