[openwrt/openwrt] dnsmasq: prevent upstream resolution of addresses

LEDE Commits lede-commits at lists.infradead.org
Fri Nov 7 06:23:28 PST 2025


robimarko pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/38753dea6405fcc3b92994b0926d3bfd4760345f

commit 38753dea6405fcc3b92994b0926d3bfd4760345f
Author: Marko Zajc <marko at zajc.tel>
AuthorDate: Sat Apr 26 14:21:10 2025 +0200

    dnsmasq: prevent upstream resolution of addresses
    
    `list address` entries in /etc/config/dhcp are sometimes (I'm not sure
    about the exact conditions) passed to upstream resolver, bypassing local
    resolution. Adding them (minus the IP) to --local prevents this. In the
    configuration, this means that
    
        # /etc/config/dhcp
        list address '/hello.com/world.com/1.2.3.4'
        list address '/foo.com/bar.com/4.3.2.1'
    
    which previously translated into
    
        # /var/etc/dnsmasq.conf.*
        address=/hello.com/world.com/1.2.3.4
        address=/foo.com/bar.com/4.3.2.1
    
    now becomes
    
        # /var/etc/dnsmasq.conf.*
        address=/hello.com/world.com/1.2.3.4
        local=/hello.com/world.com/
        address=/foo.com/bar.com/4.3.2.1
        local=/foo.com/bar.com/
    
    This behaviour is controlled by the `address_as_local` boolean option, which
    defaults to false (old behaviour). openwrt/luci#7957 adds support for this flag
    to LuCI.
    
    A workaround for a small list of domains is to add them to `option local`,
    but this is very tedious to do for every `list address` entry and dnsmasq
    limits this option to 1024 characters.
    
    Signed-off-by: Marko Zajc <marko at zajc.tel>
    Link: https://github.com/openwrt/openwrt/pull/18610
    Signed-off-by: Robert Marko <robimarko at gmail.com>
---
 package/network/services/dnsmasq/files/dnsmasq.init | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index a0a644fcbd..61dc396707 100755
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -170,7 +170,9 @@ append_rev_server() {
 }
 
 append_address() {
+	local address_as_local="$2"
 	xappend "--address=$1"
+	[ $address_as_local -gt 0 ] && xappend "--local=${1%/*}/"
 }
 
 append_connmark_allowlist() {
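Review bot: The test `[ $address_as_local -gt 0 ]` in append_address is unquoted and numeric, but the value is read with a plain `config_get` in the dnsmasq_start hunk. A UCI boolean written as `true`, `on` or `yes` therefore makes `[` fail with a bad-number error and no `--local=` line is emitted. The option then fails open: the configuration reads as enabled, while the `list address` names can presumably still be forwarded upstream, which is the leak the commit sets out to stop. Reading the option with `config_get_bool address_as_local "$cfg" address_as_local 0` would normalise it to 0/1, and the check is safer quoted, as `[ "$address_as_local" -gt 0 ] && xappend "--local=${1%/*}/"`.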
@@ -1036,7 +1038,10 @@ dnsmasq_start()
 	config_list_foreach "$cfg" "listen_address" append_listenaddress
 	config_list_foreach "$cfg" "server" append_server
 	config_list_foreach "$cfg" "rev_server" append_rev_server
-	config_list_foreach "$cfg" "address" append_address
+
+	local address_as_local
+	config_get address_as_local "$cfg" address_as_local 0
+	config_list_foreach "$cfg" "address" append_address "$address_as_local"
 
 	local connmark_allowlist_enable
 	config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0



