[package] dnsmasq: add and enable DNS rebind protections
authorjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Fri, 16 Jul 2010 00:06:59 +0000 (00:06 +0000)
committerjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Fri, 16 Jul 2010 00:06:59 +0000 (00:06 +0000)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22222 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/dnsmasq/Makefile
package/dnsmasq/files/dhcp.conf
package/dnsmasq/files/dnsmasq.init

index 987bc40..852b126 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.55
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
index 25ecde6..c79458f 100644 (file)
@@ -1,8 +1,11 @@
 config dnsmasq
        option domainneeded     1
        option boguspriv        1
-       option filterwin2k      '0'  #enable for dial on demand
+       option filterwin2k      0  # enable for dial on demand
        option localise_queries 1
+       option rebind_protection 1  # disable if upstream must serve RFC1918 addresses
+       option rebind_localhost 0  # enable for RBL checking and similar services
+       #list rebind_domain example.lan  # whitelist RFC1918 responses for domains
        option local    '/lan/'
        option domain   'lan'
        option expandhosts      1
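Review bot: The commented `rebind_domain` example uses `example.lan`, but `option local '/lan/'` two lines below already keeps `lan` queries from being forwarded upstream, so (assuming that option maps to dnsmasq's `--local=/lan/` as it normally does) nothing under `.lan` reaches the rebind filter and the example would be a no-op. A name that is genuinely resolved upstream illustrates the knob better and should say what an entry costs: `#list rebind_domain example.com  # allow RFC1918 answers for this upstream-resolved name (and presumably its subdomains); each entry re-enables rebinding for it`. The `rebind_protection` comment should also mention that loopback answers are dropped, since that is what `rebind_localhost` exists to undo: `option rebind_protection 1  # drop upstream RFC1918 and 127.0.0.0/8 answers (see rebind_localhost); disable only if upstream must serve private addresses`.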
index 9bf89fa..49291a5 100644 (file)
@@ -99,6 +99,29 @@ dnsmasq() {
 
        config_get hostsfile "$cfg" dhcphostsfile
        [ -e "$hostsfile" ] && append args "--dhcp-hostsfile=$hostsfile"
+
+       local rebind
+       config_get_bool rebind "$cfg" rebind_protection 1
+       [ $rebind -gt 0 ] && {
+               logger -t dnsmasq \
+                       "DNS rebinding protection is active," \
+                       "will discard upstream RFC1918 responses!"
+               append args "--stop-dns-rebind"
+
+               local rebind_localhost
+               config_get_bool rebind_localhost "$cfg" rebind_localhost 0
+               [ $rebind_localhost -gt 0 ] && {
+                       logger -t dnsmasq "Allowing 127.0.0.0/8 responses"
+                       append args "--rebind-localhost-ok"
+               }
+
+               append_rebind_domain() {
+                       logger -t dnsmasq "Allowing RFC1918 responses for domain $1"
+                       append args "--rebind-domain-ok=$1"
+               }
+
+               config_list_foreach "$cfg" rebind_domain append_rebind_domain
+       }
 }
 
 dhcp_subscrid_add() {
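Review bot: The startup log line at the top of the new block says only RFC1918 responses will be discarded, yet the `rebind_localhost` branch directly below it exists to re-allow 127.0.0.0/8 answers, so with the default `rebind_localhost 0` the loopback range is dropped too and an operator reading the log is not told why an RBL-style lookup stopped working; `"DNS rebinding protection is active," "will discard upstream RFC1918 and 127.0.0.0/8 responses!"` describes what is actually configured. Each `--rebind-domain-ok` entry deliberately reopens that hole for the listed name (and, as far as I recall the dnsmasq option, its subdomains), so the per-domain logger call is the right place to say so: `logger -t dnsmasq "Allowing RFC1918 responses for domain $1 (rebind protection off for it)"`. Separately, the `[ $rebind -gt 0 ] && { … }` list is now the last statement of `dnsmasq()`, whose start lies outside the hunk, so the function's exit status becomes 1 whenever `rebind_protection` is 0; if the caller inspects that status, disabling the protection would register as a failure, which an explicit `return 0` after the block (or an `if` statement instead of `&&`) avoids.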