diff options
| author | Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> | 2017-02-20 10:15:55 +0000 |
|---|---|---|
| committer | Hans Dedecker <dedeckeh@gmail.com> | 2017-03-09 10:42:27 +0100 |
| commit | 3a06dd60eba362df90705315bbbddced39566a2e (patch) | |
| tree | b4041f803bea867c097902fa1239afcb203bec82 /package/network/services/dnsmasq/files/rfc6761.conf | |
| parent | 2261c9cc7715e6d590952989ebef96e08cc019fc (diff) | |
| download | upstream-3a06dd60eba362df90705315bbbddced39566a2e.tar.gz upstream-3a06dd60eba362df90705315bbbddced39566a2e.tar.bz2 upstream-3a06dd60eba362df90705315bbbddced39566a2e.zip | |
dnsmasq: do not forward rfc6761 excluded domains
RFC 6761 defines a number of top level domains should not be forwarded
to the Internet's domain servers since they are not responsible for
those domains.
This change adds a list of domains that will be blocked when 'boguspriv'
is used and augments that which is already blocked by dnsmasq's notion
of 'local service' using '--bogus-priv' i.e. RFC 1918 private addresses
and IPv6 prefixes as defined in RFC 6303.
To make this configurable rather than hard coded in dnsmasq's init
script, a new file /usr/share/dnsmasq/rfc6761.conf is conditionally
included.
The default file matches the RFC 6761 recommendation along with a few
other top level domains that should not be forwarded to the Internet.
Compile & run tested Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/network/services/dnsmasq/files/rfc6761.conf')
| -rw-r--r-- | package/network/services/dnsmasq/files/rfc6761.conf | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/package/network/services/dnsmasq/files/rfc6761.conf b/package/network/services/dnsmasq/files/rfc6761.conf new file mode 100644 index 0000000000..ebc1a12118 --- /dev/null +++ b/package/network/services/dnsmasq/files/rfc6761.conf @@ -0,0 +1,15 @@ +# RFC6761 included configuration file for dnsmasq +# +# includes a list of domains that should not be forwarded to Internet name servers +# to reduce burden on them, asking questions that they won't know the answer to. + +server=/bind/ +server=/example/ +server=/example.com/ +server=/example.org/ +server=/example.net/ +server=/invalid/ +server=/local/ +server=/localhost/ +server=/onion/ +server=/test/ |