[Dnsmasq-discuss] restricting dnsmasq listen addresses
Carla Schroder
carla at bratgrrl.com
Mon Apr 9 22:53:46 BST 2007
On Monday 09 April 2007 14:07, Simon Kelley wrote:
> > But it still listens to all interfaces and addresses. Any ideas how to
> > make it listen only on certain interfaces or addresses?
>
> By default, dnsmasq rejects DNS queries in user space, not the kernel.
> Nmap may think that DNS is open to the world, but DNS requests from the
> world will be dropped.
>
> If you want to have the kernel do the access control instead of dnsmasq
> itself, use the "bind-interfaces" flag.
Perfect! Thank you. It is rather reassuring to see this:
Proto Recv-Q Send-Q Local Address      Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:53       0.0.0.0:*        LISTEN  619/dnsmasq
tcp        0      0 192.168.1.50:53    0.0.0.0:*        LISTEN  619/dnsmasq
tcp        0      0 192.168.2.50:53    0.0.0.0:*        LISTEN  619/dnsmasq
I didn't know that Dnsmasq dropped outside DNS queries. Another excellent bit
of Dnsmasq lore to add to my collection.
thanks,
Carla
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook!
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
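
The check done by eye in the message above, as an added example that is not part of the original post: a script that reads netstat-style listener lines and reports any dnsmasq port 53 socket bound to a wildcard address. The function names and both sample inputs are constructed for illustration; a wildcard socket means the kernel accepts the packet and dnsmasq filters it in user space, which is the default behaviour without "bind-interfaces" described in the quoted reply.

```shell
#!/bin/sh
# Added example. Reads `netstat -tlnp` / `netstat -ulnp` style lines on stdin
# and prints every dnsmasq socket on port 53 whose local address is a wildcard.
wildcard_dns_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ && $NF ~ /\/dnsmasq$/ {
            # The port is whatever follows the last colon of the local address.
            if (!match($4, /:[0-9]+$/)) next
            host = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            if (port == "53" && (host == "0.0.0.0" || host == "::" || host == "*"))
                print $1, $4
        }'
}

# Exit status 0 when every dnsmasq DNS socket is bound to a specific address.
check_bound() {
    hits=$(wildcard_dns_listeners)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" >&2
    return 1
}

# Constructed sample: the listeners shown in the message (bind-interfaces set).
sample_bound() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:53       0.0.0.0:*        LISTEN  619/dnsmasq
tcp        0      0 192.168.1.50:53    0.0.0.0:*        LISTEN  619/dnsmasq
tcp        0      0 192.168.2.50:53    0.0.0.0:*        LISTEN  619/dnsmasq
EOF
}

# Constructed sample: wildcard sockets, as seen without bind-interfaces.
sample_wildcard() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:53         0.0.0.0:*        LISTEN  619/dnsmasq
udp6       0      0 :::53              :::*                     619/dnsmasq
tcp        0      0 0.0.0.0:22         0.0.0.0:*        LISTEN  412/sshd
EOF
}

sample_bound | check_bound && echo "bound sample: no wildcard listeners"
sample_wildcard | check_bound 2>/dev/null || echo "wildcard sample: flagged"
```

On a live host, pipe the output of `netstat -tulnp` (run as root so the program column is filled in) into `check_bound`.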