dnsmasq man手册: https://manpages.debian.org/buster/dnsmasq-base/dnsmasq.8.en.html
1、参数
--stop-dns-rebind
Reject (and log) addresses from upstream nameservers which are in the private IP ranges. This blocks an attack where a browser behind a firewall is used to probe machines on the local network.
--rebind-localhost-ok
Exempt 127.0.0.0/8 from rebinding checks. This address range is returned by realtime black hole servers, so blocking it may disable these services.
--rebind-domain-ok=[
Do not detect and block dns-rebind on queries to these domains. The argument may be either a single domain, or multiple domains surrounded by '/', like the --server syntax, eg. --rebind-domain-ok=/domain1/domain2/domain3/
DNS重绑定DNS Rebinding攻击 https://www.cnblogs.com/daxueba-ITdaren/p/6564532.html
2、dnsmasq配置文件详解
https://blog.csdn.net/weixin_34015860/article/details/93107032
3、dhcp option
https://blog.csdn.net/weixin_33725272/article/details/89861395