mirror of https://github.com/pi-hole/pi-hole, synced 2024-12-22 14:58:08 +00:00
Enable DNS forwarding loop detection
Found below by accident:
```
pi@ph5:~ $ man dnsmasq
[..]
--dns-loop-detect
       Enable code to detect DNS forwarding loops; ie the situa‐
       tion where a query sent to one of the upstream server
       eventually returns as a new query to the dnsmasq instance.
       The process works by generating TXT queries of the form
       <hex>.test and sending them to each upstream server. The
       hex is a UID which encodes the instance of dnsmasq sending
       the query and the upstream server to which it was sent. If
       the query returns to the server which sent it, then the
       upstream server through which it was sent is disabled and
       this event is logged. Each time the set of upstream
       servers changes, the test is re-run on all of them, in‐
       cluding ones which were previously disabled.
```
Seems to work just fine if I point my router 10.0.0.1 back to Pi-hole in the WAN DNS settings:
```
pi@ph5:~ $ grep server= -R /etc/dnsmasq.*
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.10
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.10
/etc/dnsmasq.d/01-pihole.conf:server=10.0.0.1
/etc/dnsmasq.d/01-pihole.conf:rev-server=10.0.0.0/24,10.0.0.2
/etc/dnsmasq.d/01-pihole.conf:server=/dehakkelaar.nl/10.0.0.2
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/
```
```
pi@ph5:~ $ sudo tee /etc/dnsmasq.d/99-my-settings.conf <<< $'dns-loop-detect'
dns-loop-detect
```
```
pi@ph5:~ $ pihole restartdns
[✓] Restarting DNS server
```
```
pi@ph5:~ $ tail -F /var/log/pihole.log
[..]
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 10.0.0.2#53 for domain dehakkelaar.nl
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 10.0.0.2#53 for domain 0.0.10.in-addr.arpa
Oct 22 18:17:41 dnsmasq[17301]: NOT using nameserver 10.0.0.1#53 - query loop detected
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 149.112.112.10#53
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 9.9.9.10#53
```
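One way to monitor for the event shown in the log above, as an added example that is not part of the original commit or of Pi-hole: it reads dnsmasq's nameserver lines and reports which general upstreams were disabled by loop detection and whether any usable one remains. The log format is assumed from the lines quoted in the commit message; the function names and the pid 17001 lines are constructed for illustration.

```python
import re

# Constructed sample: two lines from an earlier run (pid 17001), then the five
# nameserver lines quoted in the commit message (pid 17301).
SAMPLE_LOG = """\
Oct 22 18:10:02 dnsmasq[17001]: using nameserver 10.0.0.1#53
Oct 22 18:10:02 dnsmasq[17001]: using nameserver 9.9.9.10#53
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 10.0.0.2#53 for domain dehakkelaar.nl
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 10.0.0.2#53 for domain 0.0.10.in-addr.arpa
Oct 22 18:17:41 dnsmasq[17301]: NOT using nameserver 10.0.0.1#53 - query loop detected
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 149.112.112.10#53
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 9.9.9.10#53
"""

# Line format assumed from the log excerpt in the commit message.
NS_LINE = re.compile(
    r"dnsmasq\[(?P<pid>\d+)\]: (?P<neg>NOT )?using nameserver "
    r"(?P<server>[0-9A-Fa-f:.]+#\d+)"
    r"(?: for domain (?P<domain>\S+))?"
    r"(?: - (?P<reason>.+))?"
)

def upstream_state(log_text):
    """Map (server, domain or None) -> disable reason (None = in use), newest pid only."""
    last_pid, state = None, {}
    for line in log_text.splitlines():
        m = NS_LINE.search(line)
        if not m:
            continue
        if m["pid"] != last_pid:  # new dnsmasq process: drop the old run's state
            last_pid, state = m["pid"], {}
        # Later lines win, since the test is re-run when the server set changes.
        state[(m["server"], m["domain"])] = (m["reason"] or "disabled") if m["neg"] else None
    return state

def loop_report(log_text):
    """Split general (non domain-specific) upstreams into usable and loop-disabled."""
    general = {s: why for (s, dom), why in upstream_state(log_text).items() if dom is None}
    looped = sorted(s for s, why in general.items() if why == "query loop detected")
    usable = sorted(s for s, why in general.items() if why is None)
    return {"looped": looped, "usable": usable, "resolver_down": bool(general) and not usable}

if __name__ == "__main__":
    print(loop_report(SAMPLE_LOG))
```

`resolver_down` becomes true when every general upstream has been disabled, which is the case worth alerting on.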
parent 50100017a5
commit ad39ba30bd
@ -32,6 +32,8 @@ no-resolv
|
||||
server=@DNS1@
|
||||
server=@DNS2@
|
||||
|
||||
dns-loop-detect
|
||||
|
||||
interface=@INT@
|
||||
|
||||
cache-size=@CACHE_SIZE@
|
||||
|
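Review bot: the new `dns-loop-detect` line after `server=@DNS2@` has no comment and, unlike the `@DNS1@`, `@INT@` and `@CACHE_SIZE@` lines around it, is not templated, so it is enabled for every install. Please add a one-line comment above it saying that an upstream which forwards back to this instance is dropped and logged as `NOT using nameserver ... - query loop detected`, since per the commit message that log line is the signal a user gets when a configured server stops being used. The man text quoted in the commit message also says the test sends a `<hex>.test` TXT query to each upstream server every time the set of upstream servers changes; that belongs in the comment or the release notes, because those probes reach the external resolvers as well as the local one.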