[Dnsmasq-discuss] Strange query-ports and server
options dependencies
Simon Kelley
simon at thekelleys.org.uk
Sun Jul 1 22:07:24 BST 2007
Pieter Hollants wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> dnsmasq 2.35:
>
> If I specify
>
> query-port=53
>
> it is no longer sufficient to specify
>
> server=10.240.0.254
>
> because this yields a
>
> dnsmasq[28893]: ignoring nameserver 10.240.0.254 - cannot make/bind
> socket: Permission denied
>
> error.
>
> I must then specify the server using an explicit interface IP as in
>
> server=10.240.0.254 at 10.240.0.1
>
> Why is that?
>
> If I omit the "query-port" directive the result is
>
> dnsmasq[28421]: using nameserver 10.240.0.254#53
>
> so apparantly the same.
>
> - --
> Pieter "Fate" Hollants <pieter at hollants.com>
Bah, ignore my last question: I see you're using 2.35.
I think you make have mis-understood the purpose of query-port: It's the
port that dnsmasq send queries _from_ to upstream servers. Since dnsmasq
is listening for queries on port 53, it can't listen for replies on the
same port. You could use another port, say 54. The normal reason to do
this is so that a firewall configuration knows wich port must be open so
that replies from upstream servers can get through.
Do you get the same problem if you use a low port other than 53? I can't
reproduce the problem with 2.35 on Linux.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list