[OpenWrt-Devel] [PATCH] dnsmasq: prevent forwarding RFC6303 zones
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Thu Sep 24 14:05:26 EDT 2015
On 24/09/15 17:54, Steven Barth wrote:
> Okay, we can do this, however we need to figure 3 things out first.
>
> 1. Disable boguspriv, doing both is unintuitive.
ok, so extra lines for .10, 16-32.172, 168.192 - an extra 18 lines in
total. And an update to luci to remove the bogus priv tick box?
> 2. Make sure it doesn't broke reverse resolving locally known hosts,
> i.e. those in the hostfiles and those that have a DHCP lease.
It doesn't. nslookups for my local boxes on 192.168.n.x configured
either as known hosts or as dhcp leases work fine. I'd like to think I
would have noticed if it didn't.
> 3. Make sure that doesn't break applications that sub-delegate some of
> those addresses (i.e. I have an application that delegates certain
> private reverse zones to another server/router in the lan), it does
> this by placing similar entries into /tmp/dnsmasq.d/ for the
> respective zones.
May I suggest that is a 'special use' case and requires sensible, extra
configuration just like many other uses. I'm suggesting an Internet
friendly default, admittedly one that requires extra effort to disable
if a use case requires.
Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150924/423edfd8/attachment.p7s>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list