On 08/08/17 09:23, wkitt...@gmail.com wrote:
On 08/08/2017 04:06 AM, Matteo Croce wrote:
2017-08-08 4:26 GMT+02:00  <wkitt...@gmail.com>:
On 08/07/2017 06:02 PM, Matteo Croce wrote:

I propose adding an option to allow banning some domains.

add `--ban-hosts' which accepts a file name which contains a list of
domains to block, one per line.
Domains are blocked by simply returning NXDOMAIN.

is the following in dnsmasq.conf broken???

# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/

Nope, but it's unpractical when the ban list is huge

impractical?

# wc -l /etc/banhosts
13090 /etc/banhosts

also, having it in a separate file will allow updating it without
messing with the configuration file


well, you asked for comments so i did... as for separate files, can't it be done in another file that is included in the main one? i can't remember if dnsmasq allows one to include additional files or not...

LEDE/OpenWrt does exactly that. The startup script conditionally includes a config file with a list of RFC6761 related domains to never forward: "--conf-file=$RFC6761FILE". The referenced file contains "server=/exclude/" type references.

So the functionality is already there, though not quite with perfect syntax in the sense that 'server=/ /' is repeated each line.

How is the 'ban-hosts' file updated? Does it need a SIGHUP to dnsmasq (please not another thing hanging off SIGHUP)? Does it need a complete restart?

If 'ban-hosts' can be dynamically updated then I can see some value in it, until then it looks like it's a syntax nicety. Perhaps there's some other feature we're all missing... is it faster for example?

Kevin





_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
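
An added example, not part of any message in this thread and not dnsmasq or LEDE/OpenWrt code: it turns a one-domain-per-line ban list like the /etc/banhosts file mentioned above into the `server=/domain/` lines quoted in the thread, ready to load through `--conf-file`. The function names and the sample list are constructed for illustration; dropping subdomains assumes that `server=/domain/` also matches names under that domain.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_ban_list(text):
    """Return (valid_domains, rejected_lines) from one-domain-per-line text."""
    valid, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue  # blank line or comment
        labels = line.split(".")
        # Strict validation keeps '/', '=', spaces etc. out of the generated
        # config, so a downloaded list cannot smuggle in other directives.
        if len(line) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels):
            valid.add(line)
        else:
            rejected.append(raw)
    return valid, rejected

def collapse(domains):
    """Drop names already covered by a listed parent domain."""
    kept = set()
    for d in domains:
        labels = d.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels)))
        if not any(p in domains for p in parents):
            kept.add(d)
    return sorted(kept)

def to_dnsmasq_conf(text):
    """Build the text of an include file plus the list of rejected lines."""
    valid, rejected = parse_ban_list(text)
    conf = "".join("server=/%s/\n" % d for d in collapse(valid))
    return conf, rejected

# Constructed sample input, not a real ban list.
SAMPLE = """\
# constructed sample ban list
facebook.com
www.facebook.com
FBCDN.net.
fbcdn.com   # inline comment
bad/../entry
example.com/1.2.3.4
-leading.example
"""

if __name__ == "__main__":
    conf, rejected = to_dnsmasq_conf(SAMPLE)
    print(conf, end="")
    print("rejected:", rejected)
```
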