[Dnsmasq-discuss] dnsmasq to provide public DNS service

Albert ARIBAUD albert.aribaud at free.fr
Sat Jul 2 20:27:11 BST 2016


Hi Tong,

On Sat, 2 Jul 2016 17:07:50 +0000 (UTC)
T o n g <mlist4suntong at yahoo.com> wrote:

> Oh, sorry for responding late. 
> 
> The machine from which I run dig gets its DNS servers is the one that
> I tweaked the /etc/dnsmasq.d/public.conf file, by doing which my DNS 
> breaks. And on removing the file, my DNS service (served by local 
> dnsmasq) works again. 
> 
> And, yes, basically I'm creating an open DNS server, and since nobody
> is doing that, I can't find any information on how to set it up
> properly. 

Nobody should do that indeed, because it is a very bad idea: your
machine may then serve as an amplifier for DDoS attacks.

Still, the configuration -- as far as dnsmasq is concerned -- is the
same for an open DNS and a LAN DNS.

Could you please describe your setup from a network perspective?

> Please help. Thanks
> 
> On Thu, 30 Jun 2016 14:37:17 +0200, Albert ARIBAUD wrote:
> 
> > Hi Tong,
> > 
> > On Thu, 30 Jun 2016 12:03:07 +0000 (UTC)
> > T o n g wrote:
> >   
> >> Does no reply mean impossible, or just nobody has looked into it
> >> yet?
> > 
> > It is perfectly possible to run dnsmasq as a "public" DNS, if by
> > this you mean "make it serve requests from other hosts than the one
> > it is running on", or even, "make it serve requests from any host"
> > -- although the latter is risky, as you'd basically create an open
> > DNS server.
> > 
> > Now, for the reason why your tests fail, there is not enough info in
> > your post to allow diagnosing what is wrong. Notably, you do not
> > indicate how the machine from which you run dig gets its DNS
> > servers: the issue could just as well be there.
> >   
> >> On Wed, 29 Jun 2016 03:28:02 +0000, T o n g wrote:
> >>   
> >> > If I'm to provide DNS service to the public (outside my local
> >> > network) using dnsmasq, how to do it, e.g., how to set the
> >> > listen-address? It didn't work out of the box after I installed
> >> > it in my Ubuntu (16.04 LTS xenial) so I changed to the
> >> > following, but it stops working:
> >> > 
> >> >     $ cat /etc/dnsmasq.d/public.conf
> >> >     # listen to public
> >> >     listen-address=0.0.0.0
> >> >     # provide only DNS service and disable DHCP and TFTP on it
> >> >     no-dhcp-interface=eth0
> >> > 
> >> >     $ dig +short docs.google.com
> >> >     ;; connection timed out; no servers could be reached
> >> > 
> >> >     $ netstat -ulnp | grep :53
> >> >     (Not all processes could be identified, non-owned process info
> >> >      will not be shown, you would have to be root to see it all.)
> >> >     udp        0      0 0.0.0.0:53              0.0.0.0:*                           -
> >> >     udp6       0      0 :::53                   :::*
> 



Best regards,
-- 
Albert.
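
An added example, not part of the original message and not dnsmasq code: a small Python check that reads a dnsmasq config and flags `listen-address` values that are not confined to loopback or private ranges, which is the exposure behind the amplifier risk mentioned above. Both sample configs are constructed; the address 192.168.1.1 and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the file quoted in the thread, one directive per line.
THREAD_CONF = """\
# listen to public
listen-address=0.0.0.0
# provide only DNS service and disable DHCP and TFTP on it
no-dhcp-interface=eth0
"""

# Constructed sample: a LAN-only variant (192.168.1.1 is a placeholder).
LAN_CONF = """\
listen-address=127.0.0.1
listen-address=192.168.1.1
no-dhcp-interface=eth0
"""

def parse_directives(text):
    """Yield (option, value) pairs, ignoring blank lines and # comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        option, _, value = line.partition("=")
        yield option.strip(), value.strip()

def audit_listen_addresses(text):
    """Return (address, verdict) for every listen-address value found."""
    findings = []
    for option, value in parse_directives(text):
        if option != "listen-address":
            continue
        for item in filter(None, (v.strip() for v in value.split(","))):
            try:
                addr = ipaddress.ip_address(item)
            except ValueError:
                findings.append((item, "invalid"))
                continue
            if addr.is_unspecified:  # checked first: 0.0.0.0 also counts as private
                verdict = "exposed: unspecified (wildcard) address"
            elif addr.is_loopback or addr.is_private or addr.is_link_local:
                verdict = "ok: local scope"
            else:
                verdict = "exposed: globally routable address"
            findings.append((item, verdict))
    return findings

def is_open_resolver_risk(text):
    return any(v.startswith("exposed") for _, v in audit_listen_addresses(text))
```

A clean result only covers the `listen-address` lines; firewall rules and the interfaces dnsmasq actually binds still need to be checked separately.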


