[Dnsmasq-discuss] Let dnsmasq only reply the queries from the tun* interfaces.

Hongyi Zhao hongyi.zhao at gmail.com
Fri Feb 26 13:13:06 GMT 2016


Hi all,

I have eth0 and OpenVPN's tun* interfaces on my Debian Jessie box. I
want dnsmasq to reply only to queries from the tun* interfaces.
And if the tun* interfaces don't exist, dnsmasq shouldn't do the
query and thus shouldn't return anything.

I did the following test, but it failed:

The conf file is as follows:

-----------
log-queries=extra
log-async=100
no-hosts
no-resolv
cache-size=0
no-daemon
interface=tun*
except-interface=eth*
no-dhcp-interface=*
bind-dynamic
all-servers
server=203.253.64.1
server=168.126.63.1
-----------

Before running the OpenVPN client to connect to any VPN server, I start
dnsmasq as follows with the above conf file:

$ sudo dnsmasq -p 5360 -C the-conf-file
dnsmasq: started, version 2.76test10-4-gbec366b cache disabled
dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP
DHCPv6 Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
dnsmasq: warning: interface tun* does not currently exist
dnsmasq: asynchronous logging enabled, queue limit is 100 messages
dnsmasq: using nameserver 168.126.63.1#53
dnsmasq: using nameserver 203.253.64.1#53

Then I do the dig test:

$ dig +short -p5360 baidu.com
220.181.57.217
111.13.101.208
123.125.114.144
180.149.132.47

And the corresponding log of dnsmasq is as follows:

dnsmasq: 1 192.168.0.2/36160 query[A] baidu.com from 192.168.0.2
dnsmasq: 1 192.168.0.2/36160 forwarded baidu.com to 168.126.63.1
dnsmasq: 1 192.168.0.2/36160 forwarded baidu.com to 203.253.64.1
dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 220.181.57.217
dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 111.13.101.208
dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 123.125.114.144
dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 180.149.132.47

As you can see, I currently don't have any tun* devices available, and
I reject the queries from the eth* devices.  Why does dnsmasq still
do the DNS queries?

Furthermore, is it possible to let dnsmasq do the dns queries just as
I described here?

Regards
-- 
Hongyi Zhao <hongyi.zhao at gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
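
One way to check from the log whether the restriction is holding, as an added example that is not part of the original post: it parses the log-queries=extra lines shown above and reports queries whose client address lies outside the tunnel subnet. The 10.8.0.0/24 subnet, the function name and the third sample line are assumptions; the log records the client address, not the receiving interface, so this checks source addresses only.

```python
import ipaddress
import re

# Assumption: the OpenVPN tunnel uses 10.8.0.0/24; set this to the real tun* subnet.
ALLOWED_NETS = [ipaddress.ip_network("10.8.0.0/24")]

# Lines written with log-queries=extra look like:
#   dnsmasq: <serial> <client-ip>/<port> query[<type>] <name> from <client-ip>
# A syslog prefix or a "[pid]" after "dnsmasq" is tolerated.
QUERY_RE = re.compile(
    r"dnsmasq(?:\[\d+\])?: (?P<serial>\d+) (?P<src>[0-9A-Fa-f:.]+)/(?P<port>\d+) "
    r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from \S+\s*$"
)

def unexpected_queries(lines, allowed=ALLOWED_NETS):
    """Return (serial, client, qtype, name) for each query whose client
    address is not inside any of the allowed networks."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply lines and unrelated output
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # not a parseable address; skip rather than guess
        if not any(src in net for net in allowed):
            hits.append((int(m["serial"]), str(src), m["qtype"], m["name"]))
    return hits

# First two lines are from the log in the post; the third is constructed.
SAMPLE_LOG = [
    "dnsmasq: 1 192.168.0.2/36160 query[A] baidu.com from 192.168.0.2",
    "dnsmasq: 1 192.168.0.2/36160 forwarded baidu.com to 168.126.63.1",
    "dnsmasq: 2 10.8.0.6/40112 query[A] example.org from 10.8.0.6",
]

if __name__ == "__main__":
    for serial, client, qtype, name in unexpected_queries(SAMPLE_LOG):
        print(f"query {serial}: {qtype} {name} from {client} is outside the tunnel subnet")
```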


