On Fri, Dec 22, 2017 at 09:17:08PM +0000, Andrew White wrote:
> I've used it for a while on freebsd without issue, configured as per
> dnsmasq man page syntax
>

Thanks for the max-ttl tip. I have used it on pfSense (based on freebsd) for several days now. No issue!

> I would add to docs the risk that this feature can lead to a growing table
> of ips that never gets pruned or expired, that could lead to allowing more
> ip addrs within a Table over time, than might be anticipated. i.e. you
> could end up that the hostname of the endpoint moves ip, but your firewall
> still allows traffic from the old ip, under some circumstance this is a
> significant risk. I use max-ttl feature of dnsmasq with the pf Table
> expires feature to prune the table every 15 mins. YMMV as the client using
> this feature would need to support re-resolving ip's.
>
> On Tue, Dec 19, 2017 at 1:38 AM, Chen Wei <weichen...@zoho.com> wrote:
>
> > On Mon, Dec 18, 2017 at 07:21:37PM +0000, Simon Kelley wrote:
> > > On 17/12/17 08:02, Chen Wei wrote:
> > > > is very fast. Is it possible to add the results of DNS lookup to pf
> > > > table from dnsmasq?
> > > >
> > > Yes, it is. pf tables is supported on BSD using the same --ipset
> > > dnsmasq configuration option. Looking, there's not explicit
> >

--
Chen Wei
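The stale-address risk raised in the quoted message can be checked for in a configuration audit. The script below is an added example, not code from this thread or from dnsmasq: it flags a dnsmasq config that feeds a pf table through `ipset=` without a `max-ttl=` cap. Assumptions: the function names, the table name `allowed_hosts`, the domain `example.org`, and the policy that `max-ttl` should not exceed the interval given to `pfctl -T expire`.

```sh
#!/bin/sh
# Added example: audit a dnsmasq config that populates a pf table.
# Return codes: 0 ok, 1 no max-ttl, 2 max-ttl above expiry, 3 no ipset lines.

audit_dnsmasq_pf() {
    conf=$1      # path to a dnsmasq config file
    expire=$2    # seconds used in: pfctl -t allowed_hosts -T expire <seconds>

    # ipset=/<domain>/<table> is the option that fills the pf table on BSD.
    if ! grep -Eq '^[[:space:]]*ipset=/' "$conf"; then
        echo "no ipset= lines: dnsmasq is not feeding a table"
        return 3
    fi
    # Take the largest max-ttl value found, the most pessimistic reading.
    ttl=$(sed -n 's/^[[:space:]]*max-ttl=\([0-9][0-9]*\).*/\1/p' "$conf" |
          sort -n | tail -n 1)
    if [ -z "$ttl" ]; then
        echo "ipset= without max-ttl=: clients are not forced to re-resolve"
        return 1
    fi
    # Assumed policy: clients re-resolve at least once per expiry window.
    if [ "$ttl" -gt "$expire" ]; then
        echo "max-ttl=$ttl exceeds table expiry of ${expire}s"
        return 2
    fi
    echo "ok: max-ttl=$ttl within table expiry of ${expire}s"
    return 0
}

# Constructed sample config; domain and table name are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
# addresses resolved for this domain are added to pf table "allowed_hosts"
ipset=/example.org/allowed_hosts
max-ttl=600
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_dnsmasq_pf "$sample" 900 || true   # 900 s matches the 15 min pruning
rm -f "$sample"
```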