Hi Simon,

El 08/09/18 a las 19:17, Simon Kelley escribió:
> The question is, should the above configuration be "baked in" to the code?

Yes. In general it is considered against good practice to provide insane
defaults and in this case this entails software and not configuration

Keep in mind that dnsmasq is used by a wide variety of users nowadays,
not only home routers and embedded  but also as a simple DHCP/DNS server
in NAT setups, for example by NetworkManager or libvirt. Getting all of
these users to update the way in which they generate dnsmasq
configurations may be impractical as oposed to the rare case of allowing
the names in such a blacklist.

Because of this it would be best to let dnsmasq to default to safe
behaviour (filtering known bad names like wpad) and allowing users to
disable this behaviour via a configuration/command line directive. That
way the next update will fix the problem for the majority of users out
of the box whilst still allowing the few with a legitimate interest in
allowing overriding of entries like wpad to do so.

If you need help writting such a patch I can try to get some time to do so.



Attachment: signature.asc
Description: OpenPGP digital signature

Dnsmasq-discuss mailing list

Reply via email to