dnsmasq: do not forward rfc6761 excluded domains

RFC 6761 defines a number of top level domains should not be forwarded
to the Internet's domain servers since they are not responsible for
those domains.

This change adds a list of domains that will be blocked when 'boguspriv'
is used and augments that which is already blocked by dnsmasq's notion
of 'local service' using '--bogus-priv' i.e. RFC 1918 private addresses
and IPv6 prefixes as defined in RFC 6303.

To make this configurable rather than hard coded in dnsmasq's init
script, a new file /usr/share/dnsmasq/rfc6761.conf is conditionally
included.

The default file matches the RFC 6761 recommendation along with a few
other top level domains that should not be forwarded to the Internet.

Compile & run tested Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

1 files changed, 2 insertions, 0 deletions

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index 1f5e704781..f4f21044ea 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -152,6 +152,8 @@ define Package/dnsmasq/install
 	$(INSTALL_BIN) ./files/dnsmasq.init $(1)/etc/init.d/dnsmasq
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
 	$(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec
+	$(INSTALL_DIR) $(1)/usr/share/dnsmasq
+	$(INSTALL_DATA) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/
 endef
 
 Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install)