On 10/09/18 00:19, klondike wrote: > Hi Simon, > > El 08/09/18 a las 19:17, Simon Kelley escribió: >> The question is, should the above configuration be "baked in" to the code? > > Yes. In general it is considered against good practice to provide insane > defaults and in this case this entails software and not configuration > defaults. > > Keep in mind that dnsmasq is used by a wide variety of users nowadays, > not only home routers and embedded but also as a simple DHCP/DNS server > in NAT setups, for example by NetworkManager or libvirt. Getting all of > these users to update the way in which they generate dnsmasq > configurations may be impractical as oposed to the rare case of allowing > the names in such a blacklist. > > Because of this it would be best to let dnsmasq to default to safe > behaviour (filtering known bad names like wpad) and allowing users to > disable this behaviour via a configuration/command line directive. That > way the next update will fix the problem for the majority of users out > of the box whilst still allowing the few with a legitimate interest in > allowing overriding of entries like wpad to do so. > > If you need help writting such a patch I can try to get some time to do so. > > Sincerely, > > Klondike
So, if I read the replies so far correctly, we have votes both for "ignore wpad by default, and give an option to switch that off" and "don't ignore wpad by default, but add the code to do so to the example config file." The first is a bit of a problem, if you have dhcp-name-match=set:wpad-ignore,wpad dhcp-ignore-names=tag:wpad-ignore either in a global config file, or baked into the code. there's no way to unset the wpad-ignore tag, or override the dhcp-ignore-names directive. The second is easier to achieve, but the example config file is a little unloved these days. I kind of lost the habit of adding each new configuration option in there. Cheers, Simon.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
