> Op 7 mrt. 2021 om 00:33 heeft Aaron Jones <[email protected]> het > volgende geschreven: > > On 06/03/2021 19:22, Geert Stappers via Dnsmasq-discuss wrote: >> Share the challenge you are facing with us. > > Put simply, I need dnsmasq to return nothing for an A query, as the VPN > has no IPv4 routing; I do not wish the query to be forwarded, because > then it will be answered by the Internet, and applications may then end > up trying to access the service without using the VPN.
I think this should be taken care of on the client, e.g. with scutil on macOS. > This will not work due to firewalling. The hostname has IPv4 and IPv6 > addresses when queried over the Internet, but the particular service on > that host that I wish to access is only available over the VPN, which is > IPv6-only. > > It would be nice if there were an explicit way to indicate in a > --host-record option that it should not forward queries for this name if > it has not been configured with the respective address, and instead > reply with nothing (as though the name exists, but the record does not). > > 0.0.0.0 and :: seem as valid a choice as any for a "no address" > configuration entry. If it ends up being those, I think it should apply > to hosts(5) entries too. > > This is sort of what I'm achieving right now, with the undesirable side > effect that dnsmasq returns those addresses literally. Unfortunately, > this would result in the application attempting to connect to localhost, > as that's what most operating systems treat 0.0.0.0 / :: as, when used > as the argument to connect(2). > > Regards, > Aaron Jones > > _______________________________________________ > Dnsmasq-discuss mailing list > [email protected] > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss _______________________________________________ Dnsmasq-discuss mailing list [email protected] https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
