Discussion:
[Dnsmasq-discuss] RFC6303 support - especially IPv6
Kevin Darbyshire-Bryant
2015-10-19 13:01:09 UTC
Hi Simon,

I wonder if I could encourage you to look at extending the 'bogus-priv'
option to include some IPv6 zones? In essence dnsmasq is currently
forwarding ipv6 link-local reverse queries when in reality root servers
aren't going to know anything. Looking in the archives I see ipv6
reverses & 'bogus-priv' has been brought up before, and typically
stalled on deciding what to block. I think RFC6303 answers those
questions to a large extent.

Attached is a patch to include extra IPv4 zones that are listed in that
document. Maybe it'll help reduce some typing, though I'm concerned it
may also affect 'rebind zones' which I'm much less confident about :-)
I couldn't find any IPv6 filtering otherwise I would have extended that too.

IPv6 Zones I'm currently filtering as per that document are:


'/d.f.ip6.arpa/'
'/8.e.f.ip6.arpa/'
'/9.e.f.ip6.arpa/'
'/a.e.f.ip6.arpa/'
'/b.e.f.ip6.arpa/'
'/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/'
'/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/'


I've another more controversial idea that I'll put as another email as I
think it'll generate much more traffic!

Cheers,

Kevin
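
As an added illustration (not part of the original thread and not dnsmasq code), the sketch below checks PTR query names against the IPv6 zones listed in the post above, matching on whole labels, and picks the affected queries out of a query log. The sample addresses, client IPs and the `query[PTR] <name> from <client>` line layout are constructed assumptions.

```python
import ipaddress
import re

# IPv6 reverse zones from the list in the post above, '/' delimiters removed.
LISTED_ZONES = [
    "d.f.ip6.arpa",
    "8.e.f.ip6.arpa",
    "9.e.f.ip6.arpa",
    "a.e.f.ip6.arpa",
    "b.e.f.ip6.arpa",
    "0." * 32 + "ip6.arpa",         # reverse name of ::
    "1." + "0." * 31 + "ip6.arpa",  # reverse name of ::1
]

# Assumed log layout: "... query[PTR] <name> from <client>"
PTR_QUERY = re.compile(r"query\[PTR\] (\S+) from (\S+)")

def reverse_name(addr):
    """Reverse-lookup (PTR) name for an IP address string."""
    return ipaddress.ip_address(addr).reverse_pointer

def matching_zone(qname):
    """Return the listed zone containing qname, or None.

    Comparison is case-insensitive and on whole labels, so
    'xd.f.ip6.arpa' is not treated as inside 'd.f.ip6.arpa'.
    """
    name = qname.rstrip(".").lower()
    for zone in LISTED_ZONES:
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def private_reverse_queries(log_lines):
    """Return (client, qname, zone) for PTR queries inside a listed zone."""
    hits = []
    for line in log_lines:
        m = PTR_QUERY.search(line)
        zone = matching_zone(m.group(1)) if m else None
        if zone:
            hits.append((m.group(2), m.group(1), zone))
    return hits

# Constructed sample log lines (addresses and clients are made up).
SAMPLE_LOG = [
    f"dnsmasq[812]: query[PTR] {reverse_name('fe80::1')} from 192.168.1.20",
    f"dnsmasq[812]: query[PTR] {reverse_name('fd12:3456::1')} from 192.168.1.21",
    f"dnsmasq[812]: query[PTR] {reverse_name('2001:4860:4860::8888')} from 192.168.1.20",
    "dnsmasq[812]: query[A] example.com from 192.168.1.22",
]
```
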
Simon Kelley
2015-10-20 20:26:21 UTC
Post by Kevin Darbyshire-Bryant
Hi Simon,
I wonder if I could encourage you to look at extending the 'bogus-priv'
option to include some IPv6 zones? In essence dnsmasq is currently
forwarding ipv6 link-local reverse queries when in reality root servers
aren't going to know anything. Looking in the archives I see ipv6
reverses & 'bogus-priv' has been brought up before, and typically
stalled on deciding what to block. I think RFC6303 answers those
questions to a large extent.
Attached is a patch to include extra IPv4 zones that are listed in that
document. Maybe it'll help reduce some typing, though I'm concerned it
may also affect 'rebind zones' which I'm much less confident about :-)
I couldn't find any IPv6 filtering otherwise I would have extended that too.
Patch applied. I'll do the equivalent for IPv6 soon.

Cheers,

Simon.
Post by Kevin Darbyshire-Bryant
'/d.f.ip6.arpa/'
'/8.e.f.ip6.arpa/'
'/9.e.f.ip6.arpa/'
'/a.e.f.ip6.arpa/'
'/b.e.f.ip6.arpa/'
'/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/'
'/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/'
I've another more controversial idea that I'll put as another email as I
think it'll generate much more traffic!
Cheers,
Kevin
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Carlos Carvalho
2015-10-20 21:41:40 UTC
Post by Simon Kelley
Post by Kevin Darbyshire-Bryant
Hi Simon,
I wonder if I could encourage you to look at extending the 'bogus-priv'
option to include some IPv6 zones? In essence dnsmasq is currently
forwarding ipv6 link-local reverse queries when in reality root servers
aren't going to know anything. Looking in the archives I see ipv6
reverses & 'bogus-priv' has been brought up before, and typically
stalled on deciding what to block. I think RFC6303 answers those
questions to a large extent.
Attached is a patch to include extra IPv4 zones that are listed in that
document. Maybe it'll help reduce some typing, though I'm concerned it
may also affect 'rebind zones' which I'm much less confident about :-)
I couldn't find any IPv6 filtering otherwise I would have extended that too.
Patch applied. I'll do the equivalent for IPv6 soon.
Good! How about adding the equivalent for names, according to RFC6761?
Simon Kelley
2015-10-21 21:59:26 UTC
Post by Carlos Carvalho
Good! How about adding the equivalent for names, according to
RFC6761?
I'll add it as a sub-task of the "make wildcard lookups fast" rewrite.


Cheers,

Simon.