[Dnsmasq-discuss] restricting dnsmasq listen addresses
carla at bratgrrl.com
Mon Apr 9 22:53:46 BST 2007
On Monday 09 April 2007 14:07, Simon Kelley wrote:
> > But it still listens to all interfaces and addresses. Any ideas how to
> > make it listen only on certain interfaces or addresses?
> By default, dnsmasq rejects DNS queries in user space, not the kernel.
> Nmap may think that DNS is open to the world, but DNS requests from the
> world will be dropped.
> If you want to have the kernel do the access control instead of dnsmasq
> itself, use the "bind-interfaces" flag.
Perfect! Thank you. It is rather reassuring to see this:
Proto Recv-Q Send-Q Local Address       Foreign Address     State
tcp        0      0 127.0.0.1:53        0.0.0.0:*           LISTEN
tcp        0      0 192.168.1.50:53     0.0.0.0:*           LISTEN
tcp        0      0 192.168.2.50:53     0.0.0.0:*           LISTEN
I didn't know that Dnsmasq dropped outside DNS queries. Another excellent bit
of Dnsmasq lore to add to my collection.
Linux geek and random computer tamer
check out my Linux Cookbook!
best book for sysadmins and power users
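Added example, not part of the original message or of dnsmasq itself: a shell check that turns the netstat comparison above into a pass/fail test by flagging any port-53 socket bound to a wildcard address. The function name wildcard_dns_listeners is hypothetical, the wildcard sample lines are constructed, and the parser assumes the local address is the fourth column, as in the listing above.

```shell
#!/bin/sh
# Added example (not from the thread). wildcard_dns_listeners is a
# hypothetical helper name.
# Reads `netstat -ln` style lines on stdin (local address in field 4) and
# prints each TCP/UDP socket on port 53 bound to a wildcard address.
# Returns 1 if any were found, 0 if every port-53 socket is bound to a
# specific address.
wildcard_dns_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            # Split address:port at the LAST colon so IPv6 forms parse too.
            if (!match($4, /:[^:]*$/)) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            if (port != "53") next
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]" || addr == "*") {
                print $1, $4
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: what wildcard binds look like (no bind-interfaces).
# The port-22 line checks that non-DNS sockets are ignored.
SAMPLE_WILDCARD='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp6 0 0 :::53 :::* LISTEN
udp 0 0 0.0.0.0:53 0.0.0.0:*
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

# The listing posted in the message above (bind-interfaces in effect).
SAMPLE_BOUND='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.50:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.50:53 0.0.0.0:* LISTEN'

printf '%s\n' "$SAMPLE_WILDCARD" | wildcard_dns_listeners \
    || echo "wildcard DNS sockets present: access control is in dnsmasq, not the kernel"
printf '%s\n' "$SAMPLE_BOUND" | wildcard_dns_listeners \
    && echo "all DNS sockets bound to specific addresses"
```

Against a live host, pipe `netstat -ln` into the function instead of the samples.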