
DnsMasq: Happy Happy Joy Joy



The other day I wished for a patched DnsMasq to block Verisign.
Pleased to say it works!

The docs aren't very prescriptive and the new verisign-blocker isn't
documented at all, so here's what I did.

1. If you're running Woody or Sid, you'll have dhcp-client.  DnsMasq recommends
resolvconf, and dhcp3-client or dhcpcd or ... It's a whole kettle of fish.
2. So, to keep it simple, I patched /etc/dhclient-script:
--- dhclient-script.orig        2003-09-18 22:58:20.000000000 -0700
+++ /etc/dhclient-script        2003-09-18 23:09:11.000000000 -0700
@@ -33,10 +33,12 @@
 }
  
 make_resolv_conf() {
+  echo search $new_domain_name >/etc/resolv-up.conf
   echo search $new_domain_name >/etc/resolv.conf
   for nameserver in $new_domain_name_servers; do
-    echo nameserver $nameserver >>/etc/resolv.conf
+    echo nameserver $nameserver >>/etc/resolv-up.conf
   done
+  echo nameserver 127.0.0.1 >>/etc/resolv.conf
 }
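Review bot: make_resolv_conf writes /etc/resolv-up.conf unconditionally, so when DHCP supplies no name servers ($new_domain_name_servers empty) the upstream file holds only a search line and dnsmasq is left with nothing to forward to, while /etc/resolv.conf still points every client at 127.0.0.1; guard the loop with a check such as `[ -n "$new_domain_name_servers" ]` or fall back to a known upstream. The unquoted $new_domain_name likewise produces a bare `search` line in both files when DHCP sends no domain, so that line could be skipped when the variable is empty.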

3. Then I patched /etc/dnsmasq.conf:
--- dnsmasq.conf.orig	2003-09-18 23:05:47.000000000 -0700
+++ /etc/dnsmasq.conf	2003-09-18 23:22:10.000000000 -0700
@@ -12,12 +12,15 @@
 # to the name of the host  running dnsmasq.
 #mx-host=
 #mx-target=
-#selfmx
+selfmx
 #localmx
+filterwin2k
+bogus-nxdomain=64.94.110.11
+bogus-priv
 
 # Change this line if you want dns to get its upstream servers from
 # somewhere other that /etc/resolv.conf 
-#resolv-file=
+resolv-file=/etc/resolv-up.conf
 
 # Add other name servers here, with domain specs if they are for 
 # non-public domains.
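Review bot: bogus-nxdomain=64.94.110.11 carries no comment saying what the address is or why it is filtered, and because the option keys on that one exact address the block silently stops working if the wildcard answer ever changes; add a comment naming it as the Verisign address being filtered so the next reader knows what to recheck. selfmx and filterwin2k are also switched on in this hunk without being mentioned in the post; a one-line comment on each would keep the change reviewable.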
@@ -40,7 +43,7 @@
 
 # If you want dnsmasq to listen for requests on only one interface
 # (and the loopback) give the name of the interface (eg eth0) here
-#interface=
+interface=lo
 
 # Change these if you want dnsmasq to cache any "hostname" 
 # or "client-hostname" from a dhcpd's lease file
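Review bot: interface=lo restricts dnsmasq to loopback, which fits the rest of the change (the patched resolv.conf only ever points at 127.0.0.1, and nothing reaching eth0 can use the box as an open resolver), but it also means no other machine on the LAN can use this instance; a comment stating that this is deliberate would stop someone later "fixing" it by removing the line.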
@@ -51,7 +54,7 @@
 #domain-suffix=
 
 # Set the cachesize here.
-#cache-size=600
+cache-size=600
 
 # Normally responses which come fomr /etc/hosts and the DHCP lease
 # file have Time-To-Live set as zero, which conventionally means
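Review bot: uncommenting cache-size=600 keeps the same value the commented template line already showed, so this hunk is a no-op unless the built-in default differs from 600; either drop it or set an intentionally different value so the change carries meaning.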

---------------------------------

I have some tweaker-scripts that I run after a fresh install.
First I patch dhclient-script, down/up eth0, patch dnsmasq.conf, and restart dnsmasq.

----

Thought I'd share what I figured out with anybody else who wants to block
Verisign in "the simplest way possible".  I'm sure most experts are running
more sophisticated solutions -- but I like simple solutions.

Comments?

-Tom
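A post-install check for the setup described above, added here as an example that is not part of Tom's post or his tweaker scripts: it verifies that the stub resolver file points only at loopback, that the upstream file dnsmasq forwards to actually contains a nameserver (the case where DHCP hands out none is the one that bites), and that dnsmasq.conf carries the resolv-file, interface and bogus-nxdomain lines. File paths are arguments, and the sample files it writes are constructed for the demo.

```shell
# Added example, not from Tom's post: sanity checks for the resolver split and
# dnsmasq settings. Paths are arguments so it runs against scratch copies.

# check_resolv_split RESOLV RESOLV_UP: returns 0 when RESOLV points only at the
# local dnsmasq (127.0.0.1) and RESOLV_UP has at least one upstream server.
check_resolv_split() {
  resolv=$1; up=$2
  [ -r "$resolv" ] && [ -r "$up" ] || { echo "missing file" >&2; return 1; }
  grep -q '^nameserver' "$resolv" || { echo "$resolv: no nameserver" >&2; return 1; }
  # any non-loopback nameserver in the stub file lets clients bypass dnsmasq
  if grep '^nameserver' "$resolv" | grep -qv '^nameserver 127\.0\.0\.1$'; then
    echo "$resolv: non-loopback nameserver bypasses dnsmasq" >&2; return 1
  fi
  # if DHCP handed out no servers the upstream file is search-only and
  # dnsmasq has nothing to forward to
  grep -q '^nameserver [0-9]' "$up" || { echo "$up: no upstream server" >&2; return 1; }
}

# check_dnsmasq_conf CONF: returns 0 when dnsmasq reads upstreams from the split
# file, binds to lo only, and has a bogus-nxdomain filter set.
check_dnsmasq_conf() {
  for key in 'resolv-file=/etc/resolv-up.conf' 'interface=lo' 'bogus-nxdomain='; do
    grep -q "^$key" "$1" || { echo "$1: missing $key" >&2; return 1; }
  done
}

# write_samples DIR good|bad: constructed sample files for exercising the checks
write_samples() {
  printf 'search example.test\nnameserver 127.0.0.1\n' > "$1/resolv.conf"
  if [ "$2" = good ]; then
    printf 'search example.test\nnameserver 192.0.2.53\n' > "$1/resolv-up.conf"
    printf 'bogus-nxdomain=64.94.110.11\nresolv-file=/etc/resolv-up.conf\ninterface=lo\n' > "$1/dnsmasq.conf"
  else  # DHCP gave no servers and the filter line is still commented out
    printf 'search example.test\n' > "$1/resolv-up.conf"
    printf '#bogus-nxdomain=\nresolv-file=/etc/resolv-up.conf\ninterface=lo\n' > "$1/dnsmasq.conf"
  fi
}

# run_demo: returns 0 when the good sample passes and the bad sample is rejected
run_demo() {
  d=$(mktemp -d) || return 1
  write_samples "$d" good
  check_resolv_split "$d/resolv.conf" "$d/resolv-up.conf" && check_dnsmasq_conf "$d/dnsmasq.conf" || return 1
  write_samples "$d" bad
  if check_resolv_split "$d/resolv.conf" "$d/resolv-up.conf" 2>/dev/null; then return 1; fi
  if check_dnsmasq_conf "$d/dnsmasq.conf" 2>/dev/null; then return 1; fi
  rm -rf "$d"
}
```

Run `check_resolv_split /etc/resolv.conf /etc/resolv-up.conf && check_dnsmasq_conf /etc/dnsmasq.conf` after the tweaker scripts finish; a non-zero exit names the file that is wrong.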
