On 2018-04-21 05:41, john doe wrote: > On 4/21/2018 10:02 AM, Sean Baughn wrote: >> Hello. Is it possible to use tags with the address directive? Goal >> being to >> specify a name resolution response based on a tag match. Example of my >> use >> case: >> >> dhcp-mac=set:kids,XX:XX:XX:XX:XX:XX #My kids computer >> address=tag:kids,/youtube.com/127.0.0.1 >> >> The address line given above errors out. However I don't know if my >> syntax >> is incorrect, or if the use of tags in the address directive is invalid. >> > > According to: > > http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html > > "-A, --address=/<domain>[/<domain>...]/[<ipaddr>]" > > So you can't use tags with the '--address=' option: > > $ dnsmasq --test > dnsmasq: error at line 1 of /etc/dnsmasq.conf > > $ awk 'NR==1' /etc/dnsmasq.conf > address=tag:kids,/youtube.com/127.0.0.1 >
This wouldn't work for long because the kids could figure out how to get around your DNS block by either changing the DNS server or just using a public DNS lookup engine to find all of the destination's IP addresses and going directly there (or a local hosts file). Your best bet for a block is to use IP tables on the router and just block access to all of the destination IPs when the source IP is the kid's computer. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
