dnsmasq: do not forward rfc6761 excluded domains
authorKevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Mon, 20 Feb 2017 10:15:55 +0000 (10:15 +0000)
committerHans Dedecker <dedeckeh@gmail.com>
Thu, 9 Mar 2017 09:42:27 +0000 (10:42 +0100)
commit3a06dd60eba362df90705315bbbddced39566a2e
treeb4041f803bea867c097902fa1239afcb203bec82
parent2261c9cc7715e6d590952989ebef96e08cc019fc
dnsmasq: do not forward rfc6761 excluded domains

RFC 6761 defines a number of top level domains should not be forwarded
to the Internet's domain servers since they are not responsible for
those domains.

This change adds a list of domains that will be blocked when 'boguspriv'
is used and augments that which is already blocked by dnsmasq's notion
of 'local service' using '--bogus-priv' i.e. RFC 1918 private addresses
and IPv6 prefixes as defined in RFC 6303.

To make this configurable rather than hard coded in dnsmasq's init
script, a new file /usr/share/dnsmasq/rfc6761.conf is conditionally
included.

The default file matches the RFC 6761 recommendation along with a few
other top level domains that should not be forwarded to the Internet.

Compile & run tested Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
package/network/services/dnsmasq/Makefile
package/network/services/dnsmasq/files/dnsmasq.init
package/network/services/dnsmasq/files/rfc6761.conf [new file with mode: 0644]