On Sun, Mar 15, 2015 at 09:11:58PM +0000, Simon Kelley wrote: > On 12/03/15 08:29, Chen Wei wrote: > > This patch is mainly for blocking malware domains. > Why use a fake address. It seems more sensible to have some syntax > we could re-use that syntax so that > address=/malware.com/# > means "return NXDOMAIN for *.malware.com"
It is cleaner indeed. -- Chen Wei --- src/dnsmasq.h | 1 + src/forward.c | 2 ++ src/option.c | 13 ++++++++++--- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/dnsmasq.h b/src/dnsmasq.h index de95d0e..c96e074 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -485,6 +485,7 @@ union mysockaddr { #define SERV_NO_REBIND 2048 /* inhibit dns-rebind protection */ #define SERV_FROM_FILE 4096 /* read from --servers-file */ #define SERV_LOOP 8192 /* server causes forwarding loop */ +#define SERV_NXDOMAIN 16384 /* domain should return NXDOMAIN */ struct serverfd { int fd; diff --git a/src/forward.c b/src/forward.c index 7c0fa8d..471e667 100644 --- a/src/forward.c +++ b/src/forward.c @@ -162,6 +162,8 @@ static unsigned int search_servers(time_t now, struct all_addr **addrpp, { if (serv->flags & SERV_NO_REBIND) *norebind = 1; + else if (serv->flags & SERV_NXDOMAIN) + flags = F_NXDOMAIN; else { unsigned int sflag = serv->addr.sa.sa_family == AF_INET ? F_IPV4 : F_IPV6; diff --git a/src/option.c b/src/option.c index eace40b..ba54a48 100644 --- a/src/option.c +++ b/src/option.c @@ -2290,9 +2290,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma else if (strcmp(arg, "#") == 0) { - newlist->flags |= SERV_USE_RESOLV; /* treat in ordinary way */ - if (newlist->flags & SERV_LITERAL_ADDRESS) - ret_err(gen_err); + if (option == 'S') + { + newlist->flags |= SERV_USE_RESOLV; /* treat in ordinary way */ + if (newlist->flags & SERV_LITERAL_ADDRESS) + ret_err(gen_err); + } + else if (option == 'A') + { + newlist->flags |= SERV_NXDOMAIN; /* domain return NXDOMAIN */ + } } else { -- 1.7.10.4
signature.asc
Description: Digital signature
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss