Hello,
this patch extends the dnsmasq initscript with an option for bogus-nxdomain.
>From the manpage:
-B, --bogus-nxdomain=<ipaddr>
Transform replies which contain the IP address given into "No such domain"
replies. This is intended to counteract a devious move made by Verisign in
September 2003 when they started returning the address of an advertising web
page in response to queries for unregistered names, instead of the correct
NXDOMAIN response. This option tells dnsmasq to fake the correct response when
it sees this behaviour. As at Sept 2003 the IP address being returned by
Verisign is 64.94.110.11
Example configuration blocking German ISPs Alice and Kabel Deutschland:
config 'dnsmasq'
list 'bogusnxdomain' '66.150.2.179'
list 'bogusnxdomain' '64.236.172.120'
Signed-Off-By: Mickey Knox <[email protected]>
--- package/dnsmasq/files/dnsmasq.init (Revision 22184)
+++ package/dnsmasq/files/dnsmasq.init (Arbeitskopie)
@@ -53,6 +53,10 @@
append args "-H $1"
}
+append_bogusnxdomain() {
+ append args "-B $1"
+}
+
dnsmasq() {
local cfg="$1"
append_bool "$cfg" authoritative "-K"
@@ -83,6 +87,7 @@
config_list_foreach "$cfg" "interface" append_interface
config_list_foreach "$cfg" "notinterface" append_notinterface
config_list_foreach "$cfg" "addnhosts" append_addnhosts
+ config_list_foreach "$cfg" "bogusnxdomain" append_bogusnxdomain
append_parm "$cfg" "leasefile" "-l"
append_parm "$cfg" "resolvfile" "-r"
append_parm "$cfg" "tftp_root" "--tftp-root"
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
