[Dnsmasq-discuss] Can tags be used with the address directive?

Discussion:

Sean Baughn

2018-04-21 08:02:35 UTC

Hello. Is it possible to use tags with the address directive? Goal being to
specify a name resolution response based on a tag match. Example of my use
case:

dhcp-mac=set:kids,XX:XX:XX:XX:XX:XX #My kids computer
address=tag:kids,/youtube.com/127.0.0.1

The address line given above errors out. However I don't know if my syntax
is incorrect, or if the use of tags in the address directive is invalid.
Thanks!

john doe

2018-04-21 12:41:07 UTC

Permalink

Post by Sean Baughn
Hello. Is it possible to use tags with the address directive? Goal being to
specify a name resolution response based on a tag match. Example of my use
dhcp-mac=set:kids,XX:XX:XX:XX:XX:XX #My kids computer
address=tag:kids,/youtube.com/127.0.0.1
The address line given above errors out. However I don't know if my syntax
is incorrect, or if the use of tags in the address directive is invalid.

According to:

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

"-A, --address=/<domain>[/<domain>...]/[<ipaddr>]"

So you can't use tags with the '--address=' option:

$ dnsmasq --test
dnsmasq: error at line 1 of /etc/dnsmasq.conf

$ awk 'NR==1' /etc/dnsmasq.conf
address=tag:kids,/youtube.com/127.0.0.1

--
John Doe

A C

2018-04-21 17:16:16 UTC

Permalink

Post by john doe

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
"-A, --address=/<domain>[/<domain>...]/[<ipaddr>]"
$ dnsmasq --test
dnsmasq: error at line 1 of /etc/dnsmasq.conf
$ awk 'NR==1' /etc/dnsmasq.conf
address=tag:kids,/youtube.com/127.0.0.1

This wouldn't work for long because the kids could figure out how to get
around your DNS block by either changing the DNS server or just using a
public DNS lookup engine to find all of the destination's IP addresses
and going directly there (or a local hosts file).

Your best bet for a block is to use IP tables on the router and just
block access to all of the destination IPs when the source IP is the
kid's computer.