Hi Simon, El 08/09/18 a las 19:17, Simon Kelley escribió: > The question is, should the above configuration be "baked in" to the code?
Yes. In general it is considered against good practice to provide insane defaults and in this case this entails software and not configuration defaults. Keep in mind that dnsmasq is used by a wide variety of users nowadays, not only home routers and embedded but also as a simple DHCP/DNS server in NAT setups, for example by NetworkManager or libvirt. Getting all of these users to update the way in which they generate dnsmasq configurations may be impractical as oposed to the rare case of allowing the names in such a blacklist. Because of this it would be best to let dnsmasq to default to safe behaviour (filtering known bad names like wpad) and allowing users to disable this behaviour via a configuration/command line directive. That way the next update will fix the problem for the majority of users out of the box whilst still allowing the few with a legitimate interest in allowing overriding of entries like wpad to do so. If you need help writting such a patch I can try to get some time to do so. Sincerely, Klondike
Description: OpenPGP digital signature
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasqfirstname.lastname@example.org http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss