> Problem
When you use an adblock DNS as upstream in combination with dnsmasq like below, and the upstream returns 0.0.0.0 as an answer, dnsmasq blocks it automatically if the user has "stop-dns-rebind" in the config.

User -> DNSmasq -> DNSCrypt(Filters Bad IP & CNAMEs) -> NSANet

User: what is www.google.com
DNSmasq: Yeah, what is www.google.com
DNSCrypt: Google IPs are blocked, so returning 0.0.0.0 (blocked_query_response = 'a:0.0.0.0')
DNSmasq: Upstream returned 0.0.0.0, nulling it out
User: Whaaat??

This is undesired - I want to block 192.168.x.x/169.254.x.x/255.x ranges from the internet but not 0.0.0.0. "0.0.0.0" is widely used by HOSTS/AdblockDNS to block the FQDN.

> Proposal
Just like the "rebind-localhost-ok" switch, I propose a new switch A or B;

(A) rebind-zeroed-ok
This simply tells dnsmasq "Exempt 0.0.0.0 from rebinding checks"

(B) dns-rebind-except=CIDR[,CIDR] (or maybe: dns-rebind-allowed=CIDR[,CIDR])
This simply tells...

e.g.,
stop-dns-rebind
dns-rebind-except = 127.0.0.1/32,192.168.7.0/24
-> will block any LAN, local and 0 EXCEPT those IPs.

stop-dns-rebind
dns-rebind-except = 127.0.0.1/32,0.0.0.0/32
-> This I would like to have.

_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
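
The exemption check proposed above as option (B), as an added sketch that is neither dnsmasq code nor part of the original post. The names `rebind_reject`, `in_list` and `cidr_match`, the `BLOCKED` range list and the rule that a malformed exception list exempts nothing are all assumptions; IPv4 only.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Ranges the rebind filter rejects: an assumption for this sketch. */
static const char *BLOCKED = "0.0.0.0/8,10.0.0.0/8,127.0.0.0/8,"
    "169.254.0.0/16,172.16.0.0/12,192.168.0.0/16,255.255.255.255/32";

/* Match ip against one "a.b.c.d[/len]" token: 1 hit, 0 miss, -1 malformed. */
static int cidr_match(const char *tok, size_t n, uint32_t ip)
{
    char buf[32], *slash, *end;
    struct in_addr net;
    long len = 32;
    if (n == 0 || n >= sizeof buf) return -1;
    memcpy(buf, tok, n);
    buf[n] = '\0';
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &net) != 1) return -1;
    uint32_t mask = len ? 0xffffffffu << (32 - len) : 0;
    return (ip & mask) == (ntohl(net.s_addr) & mask);
}

/* 1 if ip is in any CIDR of the list; a malformed entry voids the list. */
static int in_list(const char *list, uint32_t ip)
{
    int hit = 0;
    for (size_t n; *list; list += n + (list[n] == ',')) {
        n = strcspn(list, ",");
        int r = cidr_match(list, n, ip);
        if (r < 0) return 0;
        hit |= r;
    }
    return hit;
}

/* 1 = drop the upstream answer as a rebind attempt, 0 = pass it on. */
int rebind_reject(const char *answer, const char *except)
{
    struct in_addr a;
    if (inet_pton(AF_INET, answer, &a) != 1) return 1; /* unparseable: drop */
    uint32_t ip = ntohl(a.s_addr);
    return in_list(BLOCKED, ip) && !in_list(except, ip);
}
```

With the exception list `127.0.0.1/32,0.0.0.0/32` from the post, an upstream answer of 0.0.0.0 passes through while 192.168.1.10, 127.0.0.2 and 0.0.0.1 are still dropped, so the /32 entries exempt only the exact sinkhole addresses.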
