dnsmasq: 新添加一个 --ignore-address 选项.

2014-12-30 16:56:18 +08:00
 aa65535

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=32fc6db

CHANGELOG

Add --ignore-address option.
Ignore replies to A-record queries which include the specified address.
No error is generated, dnsmasq simply continues to listen for another reply.
This is useful to defeat blocking strategies which rely on quickly supplying a forged answer to a DNS request for certain domains, before the correct answer can arrive.
Thanks to Glen Huang for the patch.

以后不用再维护 openwrt-dnsmasq 了 :-D

9508 次点击
所在节点    分享发现
33 条回复
LazyZhu
2014-12-30 17:19:47 +08:00
不错,但为啥不加个min-ttl选项, 有些网站ttl设置太短...
yuhaaitao
2014-12-30 17:32:12 +08:00
看不懂呀
aa65535
2014-12-30 17:38:07 +08:00
@LazyZhu 关于 min-ttl ,我之前也提交过 patch 给 dnsmasq 作者的,得到答复如下

```
Thanks for that.

Extending TTLs is normally considered to be a Bad Thing. Do you have an application for this which is worthwhile?

Cheers,

Simon.
```

有谁英语好,可以给他解释一下。
cicku
2014-12-30 17:44:41 +08:00
@aa65535 他认为你的出发点就是错的。
Showfom
2014-12-30 17:48:49 +08:00
@aa65535 你就说good good study day day up
aa65535
2014-12-30 18:05:20 +08:00
@cicku 不了解中国大陆情况吧,这边无污染的 DNS 都在国外,好不容易忍受高延迟取回的解析结果,结果 TTL 只有几十秒……

@Showfom 求个翻译。
Showfom
2014-12-30 18:06:38 +08:00
@aa65535 好好学习天天想上 哈哈
braveguywallce
2014-12-30 19:25:08 +08:00
@aa65535

那我现在要在openwrt里更新一下dnsmasq吗? 更新完了怎么弄,还是继续添加
no-resolv
server=127.0.0.1#5353

?
aa65535
2014-12-30 19:39:18 +08:00
@braveguywallce 这个应该会出现在 v2.73 里,目前还没有 release 。

ignore-address=2.1.1.2
ignore-address=4.193.80.0
ignore-address=4.36.66.178
ignore-address=8.105.84.0
...
braveguywallce
2014-12-30 20:11:16 +08:00
@aa65535 太好了,期待!
ma0dan
2014-12-30 20:21:12 +08:00
不用添加iptables规则了,dnsmasq越发强大啊
fclql
2014-12-30 21:27:01 +08:00
不觉得这个会有多理想,要是动态污染呢? 国内状况靠dnsmasq只能是被动的
hanru
2014-12-30 23:31:06 +08:00
可否推荐一个保持更新的gfw
hanru
2014-12-30 23:33:31 +08:00
可否推荐一个保持更新的gfw劫持dns解析后返回的污染ip地址列表?谢谢。
aa65535
2014-12-30 23:36:13 +08:00
hanru
2014-12-31 11:52:02 +08:00
@aa65535 就是需要这个,谢谢!
waltcow
2014-12-31 14:35:24 +08:00
@aa65535 六级低分飘过,尝试一下翻译
Since the Chinese government has polluted the DNS service in China mainland .
Every time we dig twitter.com in our network ,the GFW will return the false ip at first.
so we use the unstandard port like 443,5353 to get the real ip from OpenDns server etc ,
unfortunately,most of this DNS servers are located outside China ,every time we query Domain IP result from this DNS server,We suffer a very long-latency.
we hope the TTL could be longer so that we don't have to query much more frequently as ususal.
aa65535
2014-12-31 15:21:49 +08:00
@waltcow 谢谢,之前是因为想好没有充分的理由去说服作者添加这个功能,稍后我会再尝试一下。
GPU
2014-12-31 17:24:02 +08:00
可以说说这是什么功能吗?英文没看懂
aa65535
2014-12-31 17:41:04 +08:00
@GPU 就是忽略指定的解析结果,等待后面的正确应答,就是 ChinaDNS 的功能,怎么用看 #9.

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/157952

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX