Leaving aside the desirability of DNS servers like Quad9 lying in their answers, how do you distinguish an NXDOMAIN answer which is Quad9 telling you something you need to know, and any other NXDOMAIN reply, of which there will probably be a large number?
Cheers, Simon. On 28/01/18 13:53, Loganaden Velvindron wrote: > Hello simon & folks, > > After the launch of Quad9 where harmful domains return NXDOMAIN if a > query is made, I have developed a quick patch to log NXDOMAIN only, > and discover compromised devices on a local network instead of simply > blocking them. > > [More info about quad9 here: https://www.quad9.net/] > > Would upstream be interested in such a patch ? > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasqfirstname.lastname@example.org > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss