Afternoon, I'm looking to selectively block certain domains using dnsmasq by rewriting responses. I realise this can already be done statically through config files, but I want this to be more dynamic and intend to operate a set of DNS servers that maintains a list of blocked domains (as this will be (a) a large list and (b) be used by numerous clients, so should be centrally managed). So, I'm imaging the query flow would go a little like this:
1) Client in LAN makes A query for www.example.com to dnsmasq 2) dnsmasq forwards query to ISP-hosted resolver 3) dnsmasq receives response from ISP-hosted resolver 4) dnsmasq sends query to special DNS server to check for blocked status 5) dnsmasq receives response from special 'blocked' DNS server 6) If the query to the 'blocked' DNS server dnsmasq returns success (a certain magic number), then return the real response to the user (obtained in step 3), otherwise a spoofed address (e.g. localhost) (Of course, I'd intend to introduce caching in steps 4/5 as dnsmasq does normally for its forwarding functionality). A couple of questions arise: 1) Is this a sensible thing to be doing in dnsmasq? Is there something else that does it natively that I've overlooked? 2) Can anyone point me towards where I should start looking in the source to incorporate the changes? Any advice would be greatly appreciated. I've searched the mailing list archives and couldn't find anything quite like this. Thanks, Sam
