On 01/01/2022 17:11, Andreas Metzler wrote: > On 2022-01-01 Dominik Derigs <dl...@dl6er.de> wrote: >> On Sat, 2022-01-01 at 16:27 +0100, Andreas Metzler wrote: >>> The manpage says "The requests blocked are for records [...] >>> where the requested name has underscores". The test-query shown >>> above is not for a name with underscores. So, afaict not working >>> as documented. > >> you have removed relevant parts when quoting that changed >> meaning. The man page says > >>> The requests blocked are for records of types SOA and SRV, and >>> type ANY where the requested name has underscores, to catch LDAP >>> requests. > >> where two parts are mentioned: > >>> records of types SOA and SRV, > >> and > >>> and type ANY where the requested name has underscores > >> I just checked the code. This is exactly what happens > >> SOA and SRV are always blocked, ANY only with underscores. To me, >> this seems clear from the man text because of the first and >> exclusively connecting SOA and SRV and then ANY + underscores >> following thereafter. > > I considered this to be a possible reading but the preceding text said > that the feature was for filtering out "requests which don't get > sensible answers from the public DNS" and my brain refused to put any > and all SRV requests in this box. ;-) > >> I see the man page wording could be improved. > > How about > --------------- > diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 > index 4de8969..96338b3 100644 > --- a/man/dnsmasq.8 > +++ b/man/dnsmasq.8 > @@ -346,6 +346,7 @@ forged answer to a DNS request for certain domain, before > the correct answer can > Later versions of windows make periodic DNS requests which don't get > sensible answers from > the public DNS and can cause problems by triggering dial-on-demand links. > This flag turns on an option > -to filter such requests. The requests blocked are for records of types SOA > and SRV, and type ANY where the > -requested name has underscores, to catch LDAP requests. > +to filter such requests. The requests blocked are for records of type ANY > +where the requested name has underscores, to catch LDAP requests, and for > +\fBall\fP records of types SOA and SRV. > .TP > .B --filter-A > --------------- > > cu Andreas >
Patch applied. A definite improvement. Cheers, Simon. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss