From d631cd8b042bfafa299a4deef71211209d1b776a Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Sat, 10 Oct 2020 11:01:01 +0200
Subject: [PATCH] Security enhancement for the "never forward non-FQDNs"
 feature. This should prevent all local queries from being forwarded (will
 show up as blocked by regex) as well as any hostname without a domain (for
 example one word searches from the address bar in browsers). This fixes #3303

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 advanced/Scripts/webpage.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh
index 1f7cc728..408a1962 100755
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -167,9 +167,11 @@ ProcessDNSSettings() {
     fi
 
     delete_dnsmasq_setting "domain-needed"
+    delete_dnsmasq_setting "expand-hosts"
 
     if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
         add_dnsmasq_setting "domain-needed"
+        add_dnsmasq_setting "expand-hosts"
     fi
 
     delete_dnsmasq_setting "bogus-priv"
@@ -370,6 +372,7 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
 
     if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
         echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
+        echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
     fi
 
     # Sourced from setupVars