[Dnsmasq-discuss] Limit DNS queries to the local subnet clients

Jim Alles kb3tbx at gmail.com
Sat Nov 30 02:34:58 GMT 2013


Édouard Thuleau <thuleau at gmail.com> wrote:
Nov 28 (1 day ago)
to dnsmasq-discuss
Hi,

I'm new to dnsmasq and I'd like to know if we can limit it to answer
DNS queries only to clients of the subnet served by dnsmasq or to a
defined subnet?

Regards,
Édouard.
________________

Is it not as simple as this?

"One thing you will probably want to do is tell dnsmasq which ethernet
interface it can and cannot listen on, as we really don't want it
listening on the internet. By default dnsmasq offers DNS service on
all the configured interfaces of a host. It's likely that you don't
(for instance) want to offer a DNS service to the world via an
interface connected to ADSL or cable-modem so dnsmasq allows you to
specify which interfaces it will listen on. Use either the interface
or address options to do this.

If I didn't edit this line, it would also listen on eth0, my internet
connection. I personally wouldn't recommend this, as it gives those
evil guys a few doors to try to break into.

except-interface=<WAN interface name (ethN)>"

Peace,

Jim Alles
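
Added example, not part of the original post and not dnsmasq project code: a small Python check that reads a dnsmasq configuration and reports whether the listening restrictions discussed above are present. The sample configs and interface names (eth0 as WAN, eth1 as LAN) are constructed; `listen-address`, `bind-interfaces`, `bind-dynamic` and `local-service` are dnsmasq options that the thread itself does not mention.

```python
"""Audit dnsmasq configuration text for options that limit where DNS is served."""

LISTEN_OPTS = {"interface", "except-interface", "listen-address"}
BIND_OPTS = {"bind-interfaces", "bind-dynamic"}

# Constructed sample configs; interface names and ranges are assumptions.
OPEN = """
# DHCP for the LAN, but nothing limits where DNS is answered
dhcp-range=192.168.1.50,192.168.1.150,12h
"""
POSTED = "except-interface=eth0   # the line quoted in the reply\n"
HARDENED = """
interface=eth1
except-interface=eth0
bind-interfaces
"""


def parse(conf_text):
    """Return (option, value) pairs, skipping comments and blank lines."""
    pairs = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs


def audit(conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    keys = {key for key, _ in parse(conf_text)}
    findings = []
    if not keys & LISTEN_OPTS and "local-service" not in keys:
        findings.append("no interface/except-interface/listen-address set: "
                        "DNS is offered on every configured interface")
    if keys & LISTEN_OPTS and not keys & BIND_OPTS:
        findings.append("no bind-interfaces/bind-dynamic: dnsmasq binds the "
                        "wildcard address and discards unwanted requests itself")
    return findings


if __name__ == "__main__":
    for name, conf in (("open", OPEN), ("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

These options select interfaces and addresses rather than source subnets; `local-service` is the dnsmasq option that accepts queries only from hosts on a local subnet, and it only takes effect when none of the interface or address options are set.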


