[Dnsmasq-discuss] Strange query-ports and server options dependencies

Simon Kelley simon at thekelleys.org.uk
Sun Jul 1 22:07:24 BST 2007


Pieter Hollants wrote:
> dnsmasq 2.35:
> 
> If I specify
> 
>  query-port=53
> 
> it is no longer sufficient to specify
> 
>  server=10.240.0.254
> 
> because this yields a
> 
>  dnsmasq[28893]: ignoring nameserver 10.240.0.254 - cannot make/bind socket: Permission denied
> 
> error.
> 
> I must then specify the server using an explicit interface IP as in
> 
>  server=10.240.0.254@10.240.0.1
> 
> Why is that?
> 
> If I omit the "query-port" directive the result is
> 
>  dnsmasq[28421]: using nameserver 10.240.0.254#53
> 
> so apparently the same.
> 
> --
> Pieter "Fate" Hollants <pieter at hollants.com>

Bah, ignore my last question: I see you're using 2.35.

I think you may have misunderstood the purpose of query-port: It's the 
port that dnsmasq sends queries _from_ to upstream servers. Since dnsmasq 
is listening for queries on port 53, it can't listen for replies on the 
same port. You could use another port, say 54. The normal reason to do 
this is so that a firewall configuration knows which port must be open so 
that replies from upstream servers can get through.

Do you get the same problem if you use a low port other than 53? I can't 
reproduce the problem with 2.35 on Linux.

Cheers,

Simon.
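
The two points in the reply above, as an added example that is not part of the original message and is not dnsmasq code: a second plain bind to the port a listener already holds fails, while a separate fixed source port is exactly the port the upstream sees and replies to, which is what a firewall rule has to allow. Assumptions: loopback address, kernel-chosen unprivileged ports standing in for 53 and 54, and sockets with default options (no address reuse), so the "Permission denied" from the original report is not reproduced here.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed test address, not from the thread


def bind_udp(port):
    """Return a UDP socket bound to LOOPBACK:port (port 0 = kernel picks)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((LOOPBACK, port))
    except OSError:
        s.close()
        raise
    s.settimeout(2.0)
    return s


def demo():
    # Stand-in for the upstream server (10.240.0.254#53 in the thread).
    upstream = bind_udp(0)
    # Stand-in for dnsmasq's listening socket (port 53 in the thread).
    listener = bind_udp(0)
    listen_port = listener.getsockname()[1]

    # Case 1: query port equal to the listening port. The second bind fails.
    try:
        bind_udp(listen_port).close()
        clash = None
    except OSError as e:
        clash = e.errno

    # Case 2: a separate query port (54 in the reply). It is kernel-chosen
    # here to avoid needing privileges, then fixed for the socket's lifetime.
    query = bind_udp(0)
    query_port = query.getsockname()[1]
    query.sendto(b"constructed-query", upstream.getsockname())
    _, (src_ip, src_port) = upstream.recvfrom(512)
    # The reply goes back to that port, the one a firewall must let through.
    upstream.sendto(b"constructed-reply", (src_ip, src_port))
    reply, _ = query.recvfrom(512)

    for s in (upstream, listener, query):
        s.close()
    return {"clash": clash, "query_port": query_port,
            "seen_by_upstream": src_port, "reply": reply}


if __name__ == "__main__":
    r = demo()
    print("bind to listening port:", errno.errorcode.get(r["clash"]))
    print("upstream saw source port", r["seen_by_upstream"])
```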





