[Dnsmasq-discuss] Strange query-ports and server options dependencies

Simon Kelley simon at thekelleys.org.uk
Sun Jul 1 22:07:24 BST 2007

Pieter Hollants wrote:
> Hash: SHA1
> dnsmasq 2.35:
> If I specify
>  query-port=53
> it is no longer sufficient to specify
>  server=
> because this yields a
>  dnsmasq[28893]: ignoring nameserver - cannot make/bind
> socket: Permission denied
> error.
> I must then specify the server using an explicit interface IP as in
>  server= at
> Why is that?
> If I omit the "query-port" directive the result is
>  dnsmasq[28421]: using nameserver
> so apparantly the same.
> - --
> Pieter "Fate" Hollants <pieter at hollants.com>

Bah, ignore my last question: I see you're using 2.35.

I think you make have mis-understood the purpose of query-port: It's the 
port that dnsmasq send queries _from_ to upstream servers. Since dnsmasq 
is listening for queries on port 53, it can't listen for replies on the 
same port. You could use another port, say 54. The normal reason to do 
this is so that a firewall configuration knows wich port must be open so 
that replies from upstream servers can get through.

Do you get the same problem if you use a low port other than 53? I can't 
reproduce the problem with 2.35 on Linux.



More information about the Dnsmasq-discuss mailing list