![]() Add Requestor MAC to DNS Query adds the internal requestor's MAC address to the query sent to the upstream DNS server, which could be necessary if the upstream server filters requests by MAC.See also: -strict-order in the man page.Otherwise, queries can go to any upstream server. Query DNS in Strict Order tells DNSmasq to query the upstream servers in the order entered, i.e.See also: -stop-dns-rebind in the man page, ext link on security implications.No DNS Rebind rejects IP address responses in the private IP ranges from upstream (i.e.See also: -proxy-dnssec in the man page.Cache size 0 is recommended when using this option. This option is available on some hardware that does not support direct DNSSEC validation, but it should only be used when the upstream server is trustworthy. Cache DNSSEC data copies the DNSSEC Authenticated Data bit from the upstream server.See also: -dnssec-check-unsigned in the man page.Check unsigned DNS replies also checks that unsigned DNS replies are legitimate (they belong to domains that actually do not publish DNSSEC records).Validate DNS Replies (DNSSEC) requests and validates DNSSEC records for domains that have them, if supported on your router model.Note that, as discussed in the forum thread, savvy users might still be able to communicate with external DNS servers on non-53 ports. Forced DNS redirection redirects all DNS requests on port 53 to DD-WRT's internal DNSmasq server, even if those requests were pointed directly at an external DNS server. ![]() See also: -dhcp-rapid-commit in the man page, RFC.RFC4039 Rapid Commit support removes a round trip by returning an address lease in response to a DHCPDISCOVER from a client that also supports Rapid Commit. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |