[Dnsmasq-discuss] restricting dnsmasq listen addresses

Carla Schroder carla at bratgrrl.com
Mon Apr 9 22:53:46 BST 2007


On Monday 09 April 2007 14:07, Simon Kelley wrote:
> > But it still listens to all interfaces and addresses. Any ideas how to
> > make it listen only on certain interfaces or addresses?
>
> By default, dnsmasq rejects DNS queries in user space, not the kernel.
> Nmap may think that DNS is open to the world, but DNS requests from the
> world will be dropped.
>
> If you want to have the kernel do the access control instead of dnsmasq
> itself, use the "bind-interfaces" flag.

Perfect! Thank you. It is rather reassuring to see this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      619/dnsmasq
tcp        0      0 192.168.1.50:53         0.0.0.0:*               LISTEN      619/dnsmasq
tcp        0      0 192.168.2.50:53         0.0.0.0:*               LISTEN      619/dnsmasq

I didn't know that Dnsmasq dropped outside DNS queries. Another excellent bit 
of Dnsmasq lore to add to my collection.

thanks,
Carla

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
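The distinction Simon draws above (dnsmasq filtering queries in user space versus the kernel only binding the configured addresses with bind-interfaces) is something you can verify from the listener table. The following is an added example, not code from the thread or from the dnsmasq project: two small POSIX shell functions that scan a netstat/ss-style listing for port 53 sockets. The two sample listings are constructed here; the first shows what a wildcard bind looks like, the second reproduces the bound-to-specific-addresses state from Carla's output. The config option names in the comments (listen-address, interface, bind-interfaces) are real dnsmasq options; their use here is an assumption about how the host was configured.

```shell
#!/bin/sh
# Added example: check whether the DNS listener is bound to the wildcard address
# (dnsmasq's default, where access control happens in user space) or only to
# the addresses given with listen-address=/interface= plus bind-interfaces.

# Constructed sample: wildcard bind, the "before" state without bind-interfaces.
SAMPLE_WILDCARD='tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      619/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           619/dnsmasq'

# Constructed sample: the "after" state, matching the listing in the mail above.
SAMPLE_BOUND='tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      619/dnsmasq
tcp        0      0 192.168.1.50:53         0.0.0.0:*               LISTEN      619/dnsmasq
tcp        0      0 192.168.2.50:53         0.0.0.0:*               LISTEN      619/dnsmasq'

# wildcard_dns_listeners LISTING
#   Prints every line whose local address is a wildcard (0.0.0.0, :: or *) on
#   port 53. Scans all fields so netstat and ss column layouts both work.
#   Exit status 0 if at least one wildcard listener was found, 1 otherwise.
wildcard_dns_listeners() {
    printf '%s\n' "$1" | awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(0\.0\.0\.0|::|\*):53$/) { found++; print; break }
        }
        END { exit (found ? 0 : 1) }'
}

# dns_listen_addresses LISTING
#   Prints the distinct local addresses that have a port 53 socket, one per
#   line. With bind-interfaces these should be exactly the configured
#   listen-address= values (plus loopback if it is configured).
dns_listen_addresses() {
    printf '%s\n' "$1" | awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /:53$/) { sub(/:53$/, "", $i); print $i; break }
        }' | sort -u
}

# Live use on a host (not run here):
#   wildcard_dns_listeners "$(netstat -lntup 2>/dev/null || ss -lntup)" \
#       && echo "dnsmasq is bound to the wildcard address"
```

Run against the constructed listings, the first function reports a hit for SAMPLE_WILDCARD and nothing for SAMPLE_BOUND; the second prints 127.0.0.1, 192.168.1.50 and 192.168.2.50 for SAMPLE_BOUND, which is the state you want after adding bind-interfaces. A wildcard hit is not by itself an exposure (dnsmasq still drops outside queries in user space, as Simon notes), but it is the cue that the kernel is not doing the filtering.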