lixingcong / dnsmasq-regex
dnsmasq with regex match module(libpcre v8.45, the older version)
I am trying to use dnsmasq-regex on a FreeBSD 13.2 system:
$ uname -a
FreeBSD fbsd13_2 13.2-RELEASE FreeBSD 13.2-RELEASE releng/13.2-n254617-525ecfdad597 GENERIC amd64
$ c++ --version
FreeBSD clang version 14.0.5 (https://github.com/llvm/llvm-project.git llvmorg-14.0.5-0-gc12386ae247c)
Target: x86_64-unknown-freebsd13.2
Thread model: posix
InstalledDir: /usr/bin
and in doing so there are warnings when compiling due to data alignment issues:
8 warnings generated.
cc -Wall -W -O2 -DHAVE_REGEX -DVERSION='"2.89-44-g9bbf098"' -c nftset.c
In file included from nftset.c:18:
./dnsmasq.h:352:18: warning: field 'addr' with variable sized type 'union all_addr' not at the end of a struct or class is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
union all_addr addr;
^
./dnsmasq.h:418:18: warning: field 'addr' with variable sized type 'union all_addr' not at the end of a struct or class is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
union all_addr addr;
Are these warnings superficial and can they be ignored?
Or does one have to add some compiler flags?
Hi... Awesome work! But I recommend to change your Makefile to this to have the full power of dnsmasq:
# turn on/off for regex or regex_ipset
- DNSMASQ_COPTS="-DHAVE_REGEX -DHAVE_REGEX_IPSET"
+ DNSMASQ_COPTS="-DHAVE_IDN -DHAVE_DNSSEC -DHAVE_LUA -DHAVE_DBUS -DHAVE_libidn2 -DHAVE_CONNTRACK -DHAVE_REGEX -DHAVE_REGEX_IPSET -DHAVE_LUASCRIPT "
.PHONY: submodule
submodule:
- cd dnsmasq && $(MAKE) COPTS=$(DNSMASQ_COPTS)
+ cd dnsmasq && $(MAKE) all-i18n COPTS=$(DNSMASQ_COPTS)
$(BIN):$(PATCHED)
- cd dnsmasq && $(MAKE) COPTS=$(DNSMASQ_COPTS)
+ cd dnsmasq && $(MAKE) all-i18n COPTS=$(DNSMASQ_COPTS)
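Review bot: In the new DNSMASQ_COPTS line, -DHAVE_libidn2 is written in lower case, while another report on this page lists the option as HAVE_LIBIDN2; C macro names are case-sensitive, so the lower-case define will not select that option. The same line sets -DHAVE_IDN next to the libidn2 flag and -DHAVE_LUA next to -DHAVE_LUASCRIPT, so check that both of each pair are intended, and drop the trailing space before the closing quote. Putting DBus, Lua scripting, conntrack and DNSSEC into the default build means every user needs those libraries at build time and gets that extra code in a network-facing daemon; consider leaving the default at "-DHAVE_REGEX -DHAVE_REGEX_IPSET" and documenting the longer list as an opt-in override. The all-i18n change is repeated in the submodule and $(BIN) recipes and could be held in one variable so the two stay in sync.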
Now run make and you will have almost all options compiled into dnsmasq.
Keep up this great work!!!
I think I found a bug in regular expression matching:
The rule:
address=/:^[a-z]{4,4}[0-9]{2,2}$:/
Will not match abcd11.com.
Neither will:
address=/:[a-z]{4,4}[0-9]{2,2}:/
address=/:[a-z]{4,4}[0-9]{2,2}$:/
dnsmasq.conf snippet:
server=/:.keyword.:/1.1.1.1
dig a.keyword.com
OK
dig a.keyword.com +tcp
gets REFUSED query response.
Example of config file example_config.conf:
# listening DNS port
port=30000
# do not read /etc/resolv.conf at all
no-resolv
# do not re-read /etc/resolv.conf when file was changed by ISP
no-poll
# default upstream dns server
server=1.1.1.1
address=/:setup.[a-zA-Z]+\.apple-dns\.net.:/10.10.10.10
log-debug
log-queries=extra
log-facility=/dev/stdout
keep-in-foreground
no-daemon
Running the dnsquery -C example_config.conf
Direct query for "setup.fe.apple-dns.net" works as expected:
username@mac:~$ dig @127.0.0.1 -p30000 -t A setup.fe.apple-dns.net. +short
10.10.10.10
However, when I query "setup.icloud.com", which is a CNAME pointing to "setup.fe.apple-dns.net", it does not get processed through the address=/: ... :/ regex:
username@mac:~$ dig @127.0.0.1 -p30000 -t A setup.icloud.com +short
setup.fe.apple-dns.net.
17.248.190.138
17.248.190.206
17.248.190.112
17.248.190.68
17.248.168.72
17.248.190.71
17.248.168.68
17.248.190.104
Expected behavior would be for the setup.icloud.com query to get the "10.10.10.10" response, same as for setup.fe.apple-dns.net, because setup.icloud.com is a CNAME pointing to setup.fe.apple-dns.net.
Understand that in the config file below, the domain wx.qq.com will be forwarded to upstream 1.1.1.1, not 8.8.8.8
server=/:\.qq\.com:/1.1.1.1
server=/:\.qq\.com:/8.8.8.8
How can I modify the code to forward the domain (regex entries in general) to both 1.1.1.1 and 8.8.8.8?
I have submitted the package to AUR (Archlinux User Repository), Archlinux users could install the package to their system easily by the package manager, using the following command:
yay -S dnsmasq-regex
Could you please add the information to README.md?
I want to force a domain regex to an IP address, for example this
r([0-9]{1,2})[^ -].*.googlevideo.com
to 74.123.123.123. What is the writing format? I've tried several options but it doesn't work.
Hi,
I'm following the compile instructions exactly,
but on ./dnsmasq/src/dnsmasq --version
i get :
Dnsmasq version 2.89-44-g9bbf098 Copyright (c) 2000-2023 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n regex no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset auth no-cryptohash no-DNSSEC loop-detect no-inotify dumpfile
the compile options contain "regex" but not "regex(+ipset,nftset)"
is this because of "no-ipset no-nftset" coming from the main repo ?
What would be the syntax in the configuration file say to match the fqdns with a structured prefix. E.g.
A123TEST.bozo.net
C999HELLO.bozo.net
server=/:[A-D][0-9][0-9][0-9].*.bozo.net:/1.2.3.4
Does not seem to match the above queries and have them sent to 1.2.3.4
I have setup a list of allowed domains which previously worked on official dnsmasq like this:
[dnsmasq.conf]
# AdGuard IPv4/IPv6 nameservers
server=140.90.14.15
server=140.90.15.16
server=2a10:50c0::bad1:ff
server=2a10:50c0::bad2:ff
[blocklist.conf]
address=/*/#
server=/*.edu/#
server=/*.io/#
server=/*.org/#
The first address line blocks everything, so each individual domain that does not end in .edu, .io or .org needs to be unblocked manually, which is how I have configured my dnsmasq blocklist as you will see below, normally it would look like this:
server=/*abc.com/#
Non-regex addresses like the three server lines after the address line work fine; however, when I use the regex syntax, the hashtag symbol (#) that normally redirects to the nameservers I previously configured stops working, along with dnsmasq's built-in subdomain wildcard (*) support, which would accurately unblock both abc.com and subdomains of *.abc.com, while also preventing any typos from being unblocked like aabc.com and abcabc.org, etc. According to Perl Syntax described here, the [^...] metacharacter should match anything that's NOT within the brackets. This is required so the pattern can have more specificity and thus avoid blocking the previous examples of typos; see this Squid ERE regex syntax for example:
^.*\.?[^a-zA-Z0-9](keyword1|keyword2)\.[a-zA-Z]{2,}.*$
This Squid url_regex pattern blocks every keyword that's included in the pattern, the dnsmasq-regex equivalent which uses PCRE syntax should look something like this:
server=/:.*[.]?[^\w]abc[.]:/#
However, since the hashtag (#) symbol stops working properly as previously stated, I have to manually specify the nameservers I already configured, which can be quite cumbersome as I have many, many domains that redirect to the default nameserver:
server=/:.*[.]?[^\w]abc[.]:/1.1.1.3
This does not work as expected, removing the [^\w] from the pattern will give unintended matches like aaaaaaaaaabc.com which is why it must be there to accurately block only the specified domain, but is the closest thing to a functional pattern.
I have compiled dnsmasq-regex with the options that are enabled by default on official dnsmasq package which are:
#define HAVE_DBUS
#define HAVE_CONNTRACK
#define HAVE_IDN
#define HAVE_LIBIDN2
#define HAVE_NFTSET
#define HAVE_DNSSEC
Since without HAVE_DBUS enabled, the new compiled dnsmasq-regex completely fails to launch, the others are also there because they already come with standard dnsmasq, so just for precaution I added them back.
Last but not least, check this
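The pattern from the report above can be checked offline against sample names. This is an added example, not code from the post or from dnsmasq-regex: it uses Python's re as a stand-in for PCRE (the constructs used here behave the same in both) and assumes the pattern is applied as an unanchored search to the bare query name. The sample names and the "boundary" pattern are constructed for illustration and have not been tried in a dnsmasq-regex config.

```python
import re

# Constructed sample names. WANTED should reach the upstream servers;
# UNWANTED are look-alikes that should stay blocked.
WANTED = ["abc.com", "www.abc.com"]
UNWANTED = [
    "aabc.com",
    "aaaaaaaaaabc.com",
    "abcabc.org",
    "www.abc.evil.example",  # has an "abc" label but is not under abc.com
]

CANDIDATES = {
    # Pattern quoted in the post.
    "post": r".*[.]?[^\w]abc[.]",
    # Same pattern with the [^\w] guard removed, as the post describes.
    "no_guard": r".*[.]?abc[.]",
    # Hypothetical alternative: anchor on a label boundary and on the end.
    "boundary": r"(^|\.)abc\.com$",
}


def matches(pattern, name):
    """Unanchored search, the assumed matching mode."""
    return re.search(pattern, name) is not None


def audit(pattern):
    """Return (wanted names the pattern misses, unwanted names it lets in)."""
    missed = [n for n in WANTED if not matches(pattern, n)]
    leaked = [n for n in UNWANTED if matches(pattern, n)]
    return missed, leaked


if __name__ == "__main__":
    for label, pattern in CANDIDATES.items():
        missed, leaked = audit(pattern)
        print(f"{label:9} missed={missed} leaked={leaked}")
```

The quoted pattern misses the bare abc.com because [^\w] needs a non-word character in front of "abc", and it still admits any name with an "abc" label because nothing ties the match to ".com" or to the end of the name.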
I am having an error on Android (LineageOS) I wonder if you can help me please..
I downloaded the Android NDK. Then I export the necessary variables:
export NDK_PROJECT_PATH=/home/myuser/Library/Projects/dnsmasq-Android/android-ndk-r26b/
export ANDROID_NDK=$NDK_PROJECT_PATH
export NDK=$NDK_PROJECT_PATH
export PATH=$NDK/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH
Then I build it using the NDK version of make:
../android-ndk-r26b/prebuilt/linux-x86_64/bin/make clean
../android-ndk-r26b/prebuilt/linux-x86_64/bin/make ARCH=arm64-v8a
Now it compiles fine. So I copy the executable to the phone and when I run it, it gives this error:
/system/bin/sh: /data/local/tmp/dnsmasq: not executable: 64-bit ELF file
If I run file dnsmasq
I get: dnsmasq: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=2957f2a589e1b2e1d7ab9c97a89c9121a6bcd5f4, for GNU/Linux 4.4.0, not stripped
Which looks like the executable wasn't compiled for Android.. Which means my compilation commands aren't correct..
Are you familiar with Android building please?
From the doc:
The regex lines will generate a linkedlist to match(from top to bottom). If the domain matched both regex servers, DNS query will be forwarded the one which appears first.
Would it be possible to use that list as a failover? If the first does not respond or fails, send the request to the second (or to the global server definition)?
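The first-match behaviour quoted from the doc, and asked about in the \.qq\.com report earlier on this page, can be modelled to find regex server lines that can never be selected. This is an added example, not the project's code: it models only the top-to-bottom rule the doc states, uses Python's re in place of PCRE, and the third config line and the sample names are constructed.

```python
import re

# The first two lines are the ones quoted in the \.qq\.com report;
# the third is a constructed extra rule.
CONFIG = r"""
server=/:\.qq\.com:/1.1.1.1
server=/:\.qq\.com:/8.8.8.8
server=/:^wx\.:/9.9.9.9
"""

# server=/:<regex>:/<upstream>
RULE = re.compile(r"^server=/:(?P<regex>.+):/(?P<target>\S+)$")


def load_rules(text):
    """Parse regex server lines into an ordered list of (line, regex, upstream)."""
    rules = []
    for lineno, line in enumerate(text.strip().splitlines(), 1):
        m = RULE.match(line.strip())
        if m:
            rules.append((lineno, re.compile(m["regex"]), m["target"]))
    return rules


def pick_upstream(rules, name):
    """Walk the list top to bottom; the first matching rule wins."""
    for lineno, rx, target in rules:
        if rx.search(name):
            return lineno, target
    return None


def shadowed(rules, names):
    """Rules that match some sample name but are never the one selected."""
    winners = {pick_upstream(rules, n) for n in names}
    return [
        (lineno, target)
        for lineno, rx, target in rules
        if any(rx.search(n) for n in names) and (lineno, target) not in winners
    ]


if __name__ == "__main__":
    rules = load_rules(CONFIG)
    samples = ["wx.qq.com", "wx.example.org"]  # constructed
    for name in samples:
        print(name, "->", pick_upstream(rules, name))
    print("shadowed:", shadowed(rules, samples))
```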
Hi Team - could we broaden the REGEX support and add such for the dhcp-host= directive?
In my dnsmasq.conf file, I have two rules:
# Allow address:
server=/firebaseio.com/#
# Block any address containing 4 numbers:
address=/:.*[0-9]{4,4}.*:/
Now if I do dig firebaseio.com, I get the correct server IP address. But if I do dig s-usc1a-nss-2026.firebaseio.com (which is covered by the regex), then I get a NXDOMAIN/127.0.0.1 response.
Since the first rule exists before the second, logically it should override the regex. But it seems like it is not doing so. Is this the expected behaviour?