Re: [Dnsmasq-discuss] Feature suggest: combine --bogus-nxdomain
On Wed, 11 Mar 2015 09:52:19 +0800 Chen Wei wrote: so the return status of dig badass.com will be NXDOMAIN? Unfortunately not. My trick suggests a different method of keeping bad hosts at bay. It creates a SPAMHAUS type blacklist, and is used in the context of an inbound connect request to a server. The server makes a DNS call to the blacklist, giving an IP address (or host name) and asking who is this guy? The blacklist responds he is a nuisance, keep him out or I have no information. The system is used extensively in mail servers and spam filters, which is where I am using my blacklist. Hope this helps allen C ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Feature suggest: combine --bogus-nxdomain
On Tue, Mar 10, 2015 at 02:40:03PM +, Allen Coates wrote: It is going off at a tangent, but I have been experimenting with real-time blacklists, for use with (say) a mail server. Or you could also use something like:- address=/badass.com.blacklist.mydomain.co.uk/127.0.0.1 to blacklist individual domains. so the return status of dig badass.com will be NXDOMAIN? -- Chen Wei ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Feature suggest: combine --bogus-nxdomain
It is going off at a tangent, but I have been experimenting with real-time blacklists, for use with (say) a mail server. If you set up an RTBL of blacklist.mydomain.co.uk, then:- address=/br.blacklist.mydomain.co.uk/127.0.0.1 will return an entry for (and hence will blacklist) any host using the country code .br (Brazil) Or you could also use something like:- address=/badass.com.blacklist.mydomain.co.uk/127.0.0.1 to blacklist individual domains. It has not been exhaustively tested, but it seems to work for the dud hostnames I have been trying to block from my mail server. It also seems to work with IP addresses (with reversed octets), but that way round is even less thoroughly tested. For What It's Worth... Regards Allen C ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Feature suggest: combine --bogus-nxdomain and --address
Hi list, When using dnsmasq to block malware site, the address usually is set to an valid IP address with a listening webserver, for example: --address=/malware.com/10.0.0.254 What if combine it with --bogus-nxdomain=10.0.0.254 So that the DNS record of malware.com is essentially deleted from network. The current implementation skips --bogus-nxdomain if the IP is from --address. This feature will only add few lines of code. What are the cons to combine --bogus-nxdomain and --address? -- Chen Wei ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss