I think that can already be specified by --server-file. Each domain would be listed as --server=/blocked.example.net/, which implements just the --local= option. Of course, that requires some decoration around a plain list of domains. It is not possible to load a plain domain-per-line file into dnsmasq.

You can also use --conf-script to generate a blocklist. I think server-file can reload updated information after SIGHUP is received. I doubt conf-script can do the same, although the example in the man page uses a blocklist definition. But I have not verified that myself.


Cheers,
Petr


On 5/7/24 13:14, Steffen Greber wrote:
I know in the addn-host you can specify additional hosts files. It would be great to extend the syntax, so we can block some domains (IPv4 and IPv6). Currently I add some domains with 127.0.0.1 or 0.0.0.0 to blacklist them, but it seems not to be really the same as being resolved to NXDOMAIN, since (some) tools then try to connect to the specified IPs. The background is, I have some services running on a local machine. An entry in the addnhost file is only made if the service is running. So, if a service now dies (or is deactivated) and another service tries to resolve it by its name, the IP cannot be resolved locally and the request is forwarded to the upstream resolver (which in my case leads to a security issue).

Another solution would be to use the *bogus-nxdomain* so I can map my services to a specific IP and define it as a bogus-nxdomain. But this option seems not to work with domains defined in the addn-hosts files.


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
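
The "decoration" step mentioned in the reply, as an added example that is not part of the original thread: a shell function that turns a domain-per-line list into `server=/domain/` lines for dnsmasq's `servers-file` option. The function names and sample domains are constructed for illustration; entries containing anything other than hostname characters are rejected, so a list entry such as `example.org/192.0.2.1` cannot turn a local-only rule into a forwarding rule.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a domain-per-line list on stdin
# and writes one "server=/domain/" line per valid, unique domain on stdout.
# A server= line with a domain but no address marks the domain as local-only:
# dnsmasq answers from hosts files or DHCP and never forwards it upstream.
domains_to_servers_file() {
    awk '
    {
        sub(/#.*/, "")                    # strip comments
        sub(/^[ \t]+/, "")                # trim leading whitespace
        sub(/[ \t\r]+$/, "")              # trim trailing whitespace and CR
        if ($0 == "") next
        d = tolower($0)
        sub(/\.$/, "", d)                 # drop a trailing root dot
        # Only plain hostnames pass. A "/" or space would change the meaning
        # of the generated server= line, so such entries are skipped.
        if (d !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/) {
            print "skipped invalid entry: " $0 > "/dev/stderr"
            next
        }
        if (!(d in seen)) { seen[d] = 1; print "server=/" d "/" }
    }'
}

# Constructed sample list, including duplicates and two malformed entries.
sample_list() {
    cat <<'EOF'
# constructed sample blocklist
blocked.example.net
Blocked.Example.NET.
svc1.internal.example   # local service name
example.org/192.0.2.1
bad domain.example
EOF
}

# Print the converted sample. In real use, redirect the output to the file
# named by your servers-file= option and send SIGHUP to dnsmasq to reload it.
sample_list | domains_to_servers_file
```
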