On 19/10/15 14:01, Kevin Darbyshire-Bryant wrote: > Hi Simon, > > I wonder if I could encourage you to look at extending the 'bogus-priv' > option to include some IPv6 zones? In essence dnsmasq is currently > forwarding ipv6 link-local reverse queries when in reality root servers > aren't going to know anything. Looking in the archives I see ipv6 > reverses & 'bogus-priv' has been brought up before, and typically > stalled on deciding what to block. I think RFC6303 answers those > questions to a large extent. > > Attached is a patch to include extra IPv4 zones that are listed in that > document. Maybe it'll help reduce some typing, though I'm concerned it > may also affect 'rebind zones' which I'm much less confident about :-) > I couldn't find any IPv6 filtering otherwise I would have extended that too.
Patch applied. I'll do the equivalent for IPv6 soon. Cheers, Simon. > > IPv6 Zones I'm currently filtering as per that document are: > > > '/d.f.ip6.arpa/' > '/8.e.f.ip6.arpa/' > '/9.e.f.ip6.arpa/' > '/a.e.f.ip6.arpa/' > '/b.e.f.ip6.arpa/' > '/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/' > '/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/' > > > I've another more controversial idea that I'll put as another email as I > think it'll generate much more traffic! > > Cheers, > > Kevin > > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
