[Dnsmasq-discuss] restricting dnsmasq listen addresses

Carla Schroder carla at bratgrrl.com
Mon Apr 9 22:53:46 BST 2007

On Monday 09 April 2007 14:07, Simon Kelley wrote:
> > But it still listens to all interfaces and addresses. Any ideas how to
> > make it listen only on certain interfaces or addresses?
> By default, dnsmasq rejects DNS queries in user space, not the kernel.
> Nmap may think that DNS is open to the world, but DNS requests from the
> world will be dropped.
> If you want to have the kernel do the access control instead of dnsmasq
> itself, use the "bind-interfaces" flag.

Perfect! Thank you. It is rather reassuring to see this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0  *               LISTEN     
tcp        0      0*               LISTEN     
tcp        0      0*               LISTEN     

I didn't know that Dnsmasq dropped outside DNS queries. Another excellent bit
of Dnsmasq lore to add to my collection.


Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
best book for sysadmins and power users
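
An added example, not part of the original message or of dnsmasq itself: a check that parses `netstat -tulnp`-style output and reports DNS sockets that dnsmasq still holds on the wildcard address, which is what should disappear once "bind-interfaces" is set. The sample output, PIDs and addresses are constructed for illustration.

```python
# Added example: flag dnsmasq DNS listeners bound to the wildcard address.
# BEFORE and AFTER are constructed samples, not output from a real host.

WILDCARDS = {"0.0.0.0", "::", "*"}

BEFORE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2345/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1200/sshd
udp        0      0 0.0.0.0:53              0.0.0.0:*                           2345/dnsmasq
"""

AFTER = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2345/dnsmasq
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      2345/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1200/sshd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2345/dnsmasq
udp        0      0 192.168.1.1:53          0.0.0.0:*                           2345/dnsmasq
"""


def dns_listeners(netstat_text, port="53", program="dnsmasq"):
    """Return (proto, address) for each socket `program` holds on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Socket rows start with tcp/udp (tcp6/udp6 for IPv6); skip headers.
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue
        # rpartition handles both "0.0.0.0:53" and the IPv6 form ":::53".
        addr, _, lport = fields[3].rpartition(":")
        # UDP rows have no State column, so the owner is always the last field.
        owner = fields[-1].partition("/")[2]
        if lport == port and owner == program:
            found.append((fields[0], addr))
    return found


def wildcard_listeners(netstat_text):
    """Return only the DNS sockets bound to a wildcard address."""
    return [(p, a) for p, a in dns_listeners(netstat_text) if a in WILDCARDS]


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, "wildcard DNS sockets:", wildcard_listeners(sample))
```
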
