Message ID | 1445183452-26518-1-git-send-email-kevin@darbyshire-bryant.me.uk |
---|---|
State | Deferred, archived |
Headers | show |
> RFC6303 specifies reverse dns zones that ideally should not be forwarded > to upstream (root) servers and create unnecessary load upon them. Shouldn't this be done upstream (i.e. in dnsmasq directly) rather than in our config? Stefan
On 19/10/15 01:18, Stefan Monnier wrote: >> RFC6303 specifies reverse dns zones that ideally should not be forwarded >> to upstream (root) servers and create unnecessary load upon them. > Shouldn't this be done upstream (i.e. in dnsmasq directly) rather than > in our config? > > > Stefan Ideally yes. I'm currently looking at adding the additional ipv4 addresses in its exclude list with a view to sending a patch to Simon because there seems to be an unwillingness to move on this topic here, Unfortunately there's no pre-existing ipv6 'bogus-priv' block section of code for me to extend and I suspect it may be beyond my copy'n'paste'n'tweak code skills. More controversially I'm also of the opinion that 'bogus-priv' should be on in dnsmasq by default and I will suggest that to Simon. May I ask you look at the v1 of this patch to see how things have been headed so far: https://patchwork.ozlabs.org/patch/522303/ Meantime, I'm not a complete fan of occupying bandwidth & time on dns root servers sending them queries we know they cannot answer, so until (hopefully) upstream dnsmasq handles this sort of thing, I really don't see why we shouldn't. Kevin > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
diff --git a/package/network/services/dnsmasq/files/dhcp.conf b/package/network/services/dnsmasq/files/dhcp.conf index 362b90a..5de885f 100644 --- a/package/network/services/dnsmasq/files/dhcp.conf +++ b/package/network/services/dnsmasq/files/dhcp.conf @@ -20,6 +20,36 @@ config dnsmasq #list notinterface lo #list bogusnxdomain '64.94.110.11' option localservice 1 # disable to allow DNS requests from non-local subnets + list server '/0.in-addr.arpa/' + list server '/10.in-addr.arpa/' + list server '/127.in-addr.arpa/' + list server '/16.172.in-addr.arpa/' + list server '/17.172.in-addr.arpa/' + list server '/18.172.in-addr.arpa/' + list server '/19.172.in-addr.arpa/' + list server '/20.172.in-addr.arpa/' + list server '/21.172.in-addr.arpa/' + list server '/22.172.in-addr.arpa/' + list server '/23.172.in-addr.arpa/' + list server '/24.172.in-addr.arpa/' + list server '/25.172.in-addr.arpa/' + list server '/26.172.in-addr.arpa/' + list server '/27.172.in-addr.arpa/' + list server '/28.172.in-addr.arpa/' + list server '/29.172.in-addr.arpa/' + list server '/30.172.in-addr.arpa/' + list server '/31.172.in-addr.arpa/' + list server '/254.169.in-addr.arpa/' + list server '/2.0.192.in-addr.arpa/' + list server '/168.192.in-addr.arpa/' + list server '/100.51.198.in-addr.arpa/' + list server '/113.0.203.in-addr.arpa/' + list server '/255.255.255.255.in-addr.arpa/' + list server '/d.f.ip6.arpa/' + list server '/8.e.f.ip6.arpa/' + list server '/9.e.f.ip6.arpa/' + list server '/a.e.f.ip6.arpa/' + list server '/b.e.f.ip6.arpa/' config dhcp lan option interface lan
RFC6303 specifies reverse dns zones that ideally should not be forwarded to upstream (root) servers and create unnecessary load upon them. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> --- package/network/services/dnsmasq/files/dhcp.conf | 30 ++++++++++++++++++++++++ 1 file changed, 30 insertions(+)