Hi, I need to build an ipset which captures the results for the specific
query "google.com", however, I don't want to include any subdomains, e.g.
www.google.com, etc.

Any thoughts on how to achieve this? At least when I last checked, the
ipset feature of dnsmasq automatically includes subdomains as well?


Related question. Again, when I last looked at the code, matching stopped
at the first ipset which matched the domain. Meaning that it's not possible
to configure dnsmasq to populate two ipsets to include a common domain and
have both ipsets populated with the results if the domain name is queried?

Is there anyone who feels strongly about this existing behaviour? I'm
making a feature request that matching should check all ipsets for matching
domains, not just stop at the first found. Assuming Simon doesn't bite and
implement this for me, would such a change be accepted if I implemented it?

(Motivation is that I collect various groups of domain lookups into ipsets
for later use with firewall queries. Assuming you use ipsets for "logical"
kind of partitions of apps, then this often leads to common domains being
repeated across several definitions, e.g. if I had a news apps ipset, as
well as a video apps ipset, and a classroom apps ipset, then all of these
would have various common google domains included in each. At present I
need to be extremely careful to avoid duplicates to prevent unexpected
results, e.g. I have to break out the common domains into their own ipsets
and then include these across multiple firewall rules. It would be much
easier if I could allow overlapping results in dnsmasq.)


Thanks

Ed W


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
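
An added example, not part of the original message and not dnsmasq's own code: a small Python model of the matching behaviour as the message describes it (suffix match that includes subdomains, stop at the first rule) next to the two variants it asks for (check every rule, and exact-name-only matching). The rule list, set names and function names are constructed for illustration.

```python
# Model of the behaviour described in the message above; not dnsmasq source.
# RULES is constructed sample data: (domain, ipset) pairs in config order,
# with "google.com" deliberately repeated across three logical groups.
RULES = [
    ("google.com", "news_apps"),
    ("bbc.co.uk", "news_apps"),
    ("google.com", "video_apps"),
    ("youtube.com", "video_apps"),
    ("google.com", "classroom_apps"),
]


def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def matches(query, domain, include_subdomains=True):
    """Exact match, or (optionally) a match on whole trailing labels."""
    q, d = labels(query), labels(domain)
    if q == d:
        return True
    # Compare whole labels so "notgoogle.com" never matches "google.com".
    return include_subdomains and len(q) > len(d) and q[-len(d):] == d


def first_match(query, rules=RULES):
    """Behaviour as described in the message: stop at the first matching rule."""
    for domain, ipset in rules:
        if matches(query, domain):
            return [ipset]
    return []


def all_matches(query, rules=RULES, include_subdomains=True):
    """Requested behaviour: collect every ipset whose rule matches the query."""
    found = []
    for domain, ipset in rules:
        if matches(query, domain, include_subdomains) and ipset not in found:
            found.append(ipset)
    return found


if __name__ == "__main__":
    for q in ("google.com", "www.google.com", "notgoogle.com", "youtube.com"):
        print(q, first_match(q), all_matches(q),
              all_matches(q, include_subdomains=False))
```

Under the first-match model only `news_apps` ever receives addresses for google.com, so firewall rules keyed on `video_apps` or `classroom_apps` silently miss them, which is the "unexpected results" case the message describes.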
