Hello, all. My first time on this list, be gentle :)

First off, I want to apologize if this is a FAQ. I tried searching the
list for an answer to my question, but google informs me that I am a
virus whenever I search for "dnsmasq". I also sent an email to
m0n0wall dash help at lists dot m0n0 dot ch (as instructed in my welcome message) hoping
to find a search function, but that email bounced.

I'm running version 1.21 on the pc-cdrom platform, and have everything
functioning correctly except for what I'm trying to add. What I'm
trying to do is block entire domains, for the purpose of filtering out
some advertising. I could use the host-based dns override, but this
appears to just edit the hosts file. Some advertisers (such as
tacoda.net) have several subdomains, and I would need to add an entry
for each item. (Adding "tacoda.net" does not override "a.tacoda.net".)
The m0n0 ability to override a domain does not override the actual A
records returned, but instead which server is returned as the
authoritative DNS server. I tried that, pointing to 1.2.3.4 and then
rejecting all traffic to 1.2.3.4 in the firewall rules. (Yes, I made
separate TCP and UDP rules, and made sure to actually Reject them.) The
problem with this approach is that several operating systems' DNS lookup
facilities have built-in retries with delay. This means that, while the
domains are indeed blocked, any request for a host under those domains
takes several seconds to time out while the OS repeatedly tries to
contact 1.2.3.4.

I did a bit of research & found out that m0n0 is using dnsmasq's
--server argument to implement the domain-wide override. While I can
certainly understand the uses of this, it is not the correct way to do
what I'm trying to do. Using exec_raw.php I managed to kill dnsmasq &
restart it using --address arguments ("/usr/local/sbin/dnsmasq
--server=/advertising.com/1.2.3.4" became "/usr/local/sbin/dnsmasq
--address=/advertising.com/1.2.3.4"), and it works perfectly. All hosts
instantly resolve to 1.2.3.4, which is rejected, and the applications
continue speedily.

Is there any GUI for dnsmasq --address? (I do realize that the
differing functionality might be difficult to describe in brief.) Is
this implemented on the backend, so that I could add some options to my
config file & it'd be blindly accepted? I'd hate to have to manually
kill & restart the daemons every time my router gets rebooted.

Thanks in advance, and again, sorry if this is a FAQ. Also, fwiw, I'd
be interested in implementing this if it isn't already.

--
Mike Schuette |
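As an added illustration (not code from the post above or from m0n0wall/dnsmasq), the following Python script generates the dnsmasq `address=/domain/ip` lines the poster switched to and emulates the suffix matching dnsmasq applies to them, so the difference from a hosts-file entry (exact name only) can be checked without a router. The blocked-domain list and the 1.2.3.4 sinkhole address are taken from the post; the function names are assumptions for the example.

```python
# Added example: build dnsmasq "address=/domain/ip" sinkhole entries and
# emulate the suffix matching dnsmasq applies to them. Not m0n0wall code.

SINKHOLE_IP = "1.2.3.4"                              # address the firewall rejects
BLOCKED_DOMAINS = ["tacoda.net", "advertising.com"]  # sample list from the post


def dnsmasq_address_lines(domains, ip=SINKHOLE_IP):
    """Emit dnsmasq.conf lines equivalent to --address=/domain/ip."""
    return [f"address=/{d.strip('.').lower()}/{ip}" for d in domains]


def parse_address_lines(lines):
    """Parse 'address=/domain/ip' lines into a {domain: ip} map."""
    table = {}
    for line in lines:
        line = line.strip()
        if not line.startswith("address=/"):
            continue  # ignore comments and other directives
        _, domain, ip = line.split("/", 2)
        table[domain.lower()] = ip
    return table


def resolve(name, address_table, hosts=None):
    """Emulate the two override styles discussed on the list.

    hosts:         {exact name: ip}, like the hosts-file override; it
                   matches only the exact name, so "tacoda.net" does not
                   cover "a.tacoda.net".
    address_table: like dnsmasq address=/d/ip; it matches the domain
                   itself and every name below it (longest suffix wins).
    Returns the override IP, or None when the query would go upstream.
    """
    name = name.rstrip(".").lower()
    if hosts and name in hosts:
        return hosts[name]
    labels = name.split(".")
    # Walk from the full name down to the shortest suffix; the first hit
    # is therefore the longest (most specific) configured domain.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in address_table:
            return address_table[suffix]
    return None
```

Writing the output of `dnsmasq_address_lines` into the dnsmasq configuration has the same effect as the `--address` command line in the post, with one line per advertiser domain.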