I know in addn-hosts you can specify additional hosts files. It would be 
great to extend the syntax, so we can block some domains (IPv4 and IPv6).
Currently I add some domains with 127.0.0.1 or 0.0.0.0 to blacklist them, but it 
seems not to be really the same as being resolved to NXDOMAIN, since (some) 
tools then try to connect to the specified IPs.
The background is, I have some services running on a local machine. An entry in 
the addn-hosts file is only made if the service is running. So, if a service now 
dies (or is deactivated) and another service tries to resolve it by its name, 
the IP cannot be resolved locally and the request is forwarded to the upstream 
resolver (which in my case leads to a security issue).

Another solution would be to use bogus-nxdomain, so I can map my services to 
a specific IP and define it as a bogus-nxdomain. But this option seems not to be 
working with domains defined in the addn-hosts files.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
