[Dnsmasq-discuss] FreeBSD vs. "bind-interfaces" and "except-interface"
simon at thekelleys.org.uk
Wed Feb 16 16:41:49 GMT 2011
Matthias Andree wrote:
> dnsmasq 2.56 supposed to answer all but loopback. named (system default
> BIND 9.6.3, FreeBSD 8.2-PRERELEASE amd64) is bound to 127.0.0.1 and ::1
> port 53, confirmed with lsof. dnsmasq config is as follows:
> domain=example.org # real address here
> $ ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> inet6 ::1 prefixlen 128
> inet 127.0.0.1 netmask 0xff000000
> nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
> This does not work at all (dnsmasq binds to INADDR_ANY), queries to the
> local IP address (192.168.0.4) time out.
> I need to add bind-interfaces to the configuration so that things work -
> in that case, dnsmasq binds to 192.168.0.4 according to lsof.
> Is this a known issue on FreeBSD? What means are there to resolve this
> so that users don't fall into this trap?
The behavior is the same on all platforms.
Bind INADDR_ANY, implement --interface, --address, --except-interface by
examining incoming packets and discarding those we shouldn't answer.
Changes to interfaces (up, down, change address) are not a problem.
Specifying an interface which doesn't exist is just a warning. Binding
other servers to the same port doesn't work.
Enumerate the existing interfaces and their addresses at start up, bind
interface addresses according to --interface, --address,
--except-interface. Can fail if a specified interface doesn't exist,
interfaces which don't exist at startup will never be bound. Binding
other servers to the same port works.
Pick your poison, neither are ideal.
More information about the Dnsmasq-discuss