Strip EDNS(0) Client Subnet / MAC information if --strip-subnet or --strip-mac is set. If both the add and strip options are set, incoming EDNS0 options are replaced. This ensures we do not unintentionally forward client information somewhere upstream when ECS is used in lower DNS layers in our local network.

Signed-off-by: DL6ER <dl6er@dl6er.de>
Dominik Derigs
2022-01-07 06:11:53 +01:00
committed by Simon Kelley
parent 4308236262
commit 3ab0ad8748
3 changed files with 35 additions and 8 deletions


@@ -277,7 +277,9 @@ struct event_desc {
#define OPT_QUIET_TFTP 66
#define OPT_FILTER_A 67
#define OPT_FILTER_AAAA 68
#define OPT_LAST 69
#define OPT_STRIP_ECS 69
#define OPT_STRIP_MAC 70
#define OPT_LAST 71
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )