corporate-gadfly / Tunlr-Clone


why DNS server? #44

Closed efarshe closed 10 years ago

efarshe commented 10 years ago

I am wondering please why you need a DNS server here. In your DNSMASQ you would have pointed to your HTTP proxy instead. I think security should be implemented at the proxy instead because anyone could reach it if they know its address.

corporate-gadfly commented 10 years ago

> I am wondering please why you need a DNS server here. In your DNSMASQ you would have pointed to your HTTP proxy instead. I think security should be implemented at the proxy instead because anyone could reach it if they know its address.

Sorry for the late response. AFAIK, dnsmasq only has the ability to specify the addresses of upstream servers. It cannot resolve addresses by itself. Hence the need for a DNS server. ACLs in bind are relatively easy.

corporate-gadfly commented 10 years ago

> It cannot resolve addresses by itself.

I stand corrected. Looks like it can (using `address=` lines). Try it out and let us know.

ClashTheBunny commented 10 years ago

This is the way that I do it. I use dnsmasq with a giant address line pointing to my upstream transparent proxy's IP. `address=/pandora.com/netflix.com/192.168.25.1`

corporate-gadfly commented 10 years ago

Thanks for letting us know. One less thing to run on the VPS. :+1: I'll update the docs.
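The dnsmasq-only setup discussed in this thread, written out as a config fragment. This is an added example, not configuration from the Tunlr-Clone repository or from any commenter: the `address=` line is the one quoted above, while the upstream resolver `192.0.2.53` and the LAN address `192.168.25.2` are placeholders assumed for illustration.

```conf
# dnsmasq.conf fragment (constructed example)

# Answer queries for these domains, and every subdomain under them,
# with the transparent proxy's IP (address taken from the thread).
address=/pandora.com/netflix.com/192.168.25.1

# Send everything else to an ordinary upstream resolver instead of
# whatever /etc/resolv.conf contains.
# 192.0.2.53 is a placeholder; substitute your own resolver.
no-resolv
server=192.0.2.53

# Accept queries only on loopback and the LAN-facing address so the
# host does not act as an open resolver.
# 192.168.25.2 is an assumed LAN address for the machine running dnsmasq.
listen-address=127.0.0.1
listen-address=192.168.25.2
bind-interfaces

# Do not forward unqualified names or private-range reverse lookups upstream.
domain-needed
bogus-priv

# Note: these settings only control who can query dnsmasq. Who can reach
# the proxy itself still has to be restricted at the proxy or its firewall,
# which is the concern raised in the opening comment.
```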