Re: [Dnsmasq-discuss] suggestion filter out loopback addresses for query
On 08/02/2016 07:39 AM, Junyang Gu wrote:
> It seems to me that dnsmasq should filter out loopback addresses for DNS
> queries universally, or at least provide such an option.
>
> Consider such a scenario,
>
> dnsmasq runs on host1, and host1's /etc/hosts contains 127.0.1.1 host1,
> which is usually the case.
>
> A second machine host2 queries dnsmasq for host1, and would get
> 127.0.1.1, which is also a valid IP address, except it goes to host2.
>
> I do not see any scenario where dnsmasq should return a loopback
> address.
>
> Regards

I can think of scenarios where this would be desired. Imagine an application that was controlled via DNS with a short TTL, such that when the server was operating normally a real IP would be returned, but when the main server is down the hosts are redirected to a local cache. In this case, it would be useful to be able to point hosts at their local loopback address.

It is also used for "blackholing" certain addresses, such as websites with known malware or adult content.

I could see filtering localhost responses being a useful option (if it wasn't mandatory or on by default).

--
Dan Sneddon | Principal OpenStack Engineer
dsned...@redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] suggestion filter out loopback addresses for query
Hi,

On Tue, 02 Aug 2016 10:39:23 -0400, Junyang Gu wrote:
> It seems to me that dnsmasq should filter out loopback addresses for
> DNS queries universally, or at least provide such an option.
>
> Consider such a scenario,
>
> dnsmasq runs on host1, and host1's /etc/hosts contains 127.0.1.1
> host1, which is usually the case.
>
> A second machine host2 queries dnsmasq for host1, and would get
> 127.0.1.1, which is also a valid IP address, except it goes to host2.
>
> I do not see any scenario where dnsmasq should return a loopback
> address.

I've seen this method used by NS providers for blackholing suspicious FQDNs. It makes sure traffic directed at them will not even enter the Net.

> Regards

Kind regards,
--
Albert.
[Dnsmasq-discuss] suggestion filter out loopback addresses for query
It seems to me that dnsmasq should filter out loopback addresses for DNS queries universally, or at least provide such an option.

Consider such a scenario,

dnsmasq runs on host1, and host1's /etc/hosts contains 127.0.1.1 host1, which is usually the case.

A second machine host2 queries dnsmasq for host1, and would get 127.0.1.1, which is also a valid IP address, except it goes to host2.

I do not see any scenario where dnsmasq should return a loopback address.

Regards
--
Junyang Gu
mike...@fastmail.com
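
Added example, not part of the original thread or of dnsmasq: a small audit that lists the names in a hosts file that map to loopback addresses, which is what a resolver serving that file would hand to remote clients in the host1/host2 scenario above. The sample file contents, the function names and the EXPECTED_LOCAL set are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file modelled on the scenario in the thread.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.1.1    host1.example.lan host1   # the machine's own name on loopback
::1          ip6-localhost ip6-loopback
192.168.1.10 nas
127.0.0.1    ads.blackhole.example     # deliberate blackhole entry
not-an-ip    broken
"""

# Assumption: names every host is expected to resolve to itself, so not a surprise.
EXPECTED_LOCAL = {"localhost", "ip6-localhost", "ip6-loopback"}


def loopback_entries(hosts_text):
    """Return (line_no, address, name) for each name mapped to a loopback address."""
    found = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment, then tokenize
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field
        if addr.is_loopback:  # all of 127.0.0.0/8 and ::1
            found.extend((line_no, str(addr), name) for name in fields[1:])
    return found


def surprising_names(hosts_text):
    """Loopback mappings other than the conventional localhost names.

    Each result is either a host's own name (the host1 case) or an
    intentional blackhole entry; a person has to decide which.
    """
    return [e for e in loopback_entries(hosts_text)
            if e[2].lower() not in EXPECTED_LOCAL]


if __name__ == "__main__":
    for line_no, addr, name in surprising_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} (a remote client would reach itself)")
```
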