[Dnsmasq-discuss] Ability to not bind :: for DNS when binding wildcard

Geert Stappers stappers at stappers.nl
Mon Jul 6 20:28:14 BST 2020


On Mon, Jul 06, 2020 at 03:05:28PM +0200, Matthias May wrote:
> On 06/07/2020 14:54, Dominik wrote:
> > On 06.07.20 14:09, Matthias May wrote:
> >> Hi List
> >>
> >> I have run into the situation that a customer wants to only bind the DNS service to 0.0.0.0 but not to ::
> >>
> >> I'm not sure this is possible.
> >> While I was able to make a config which binds only to 0.0.0.0 through a combination of
> >> --use-interfaces and --except-interface, this results in a dnsmasq instance which does not handle DHCP anymore.
> >> I think I understand why this does not work.
> >>
> >> However, I want to check with the list if this is a reasonable need, and if I should send a patch
> >> which adds support for something like:
> >> --disable-ipv6-on-wildcard and --disable-ipv4-on-wildcard
> >> which would change the behaviour of
> >> void create_wildcard_listeners(void)
> >> so it doesn't unconditionally bind ipv4 and ipv6.
> >>
> >
> > more out of curiosity than anything else: What is a proper reason to
> > bind only to IPv4 but not IPv6 (or vice versa)?
> > Just checking here that your customer doesn't maybe want something silly
> > and you should rather explain to them why they actually don't want this.
> >
> 
> Well the system in question has
> net.ipv6.conf.all.disable_ipv6 = 1
> thus the expected output would be that no IPv6 bindings exist at all.
> I kind of understand that when IPv6 is disabled, one would not expect to see :::53 in netstat -nlp

Me too ...


> On the other hand I also see that if no IPv6 address exists on the
> system, there is not much that can be done with :::53.  In the end
> probably more a cosmetic issue.

I do call it plain ugly :-)


> I was thinking in the direction that create_wildcard_listeners
> checks by itself if the system has IPv6 enabled/disabled, and also
> expose this as a manual knob for a user to set.

Eat your heart out. Do feel free to share the patches with the mailing list.

Wouldn't it be easier to compile with IPv6 disabled?


Regards
Geert Stappers


P.S.
Thanks for making it possible to read in the discussion order
-- 
Silence is hard to parse
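
Added example (not part of the original message and not dnsmasq code): one way the check discussed in this thread could look in C, with a manual knob and one wildcard bind per address family. The function names ipv6_disabled, want_ipv6_wildcard and wildcard_listener are hypothetical; the path passed in is assumed to be /proc/sys/net/ipv6/conf/all/disable_ipv6 on Linux.

```c
/* Added example, not dnsmasq source; all function names are hypothetical. */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse a Linux disable_ipv6 sysctl file: 1 = disabled, 0 = enabled,
   -1 = unreadable (e.g. kernel without IPv6, or not Linux). */
int ipv6_disabled(const char *path)
{
  int val;
  FILE *f = fopen(path, "r");
  if (!f)
    return -1;
  if (fscanf(f, "%d", &val) != 1)
    val = -1;
  fclose(f);
  return val < 0 ? -1 : val != 0;
}

/* knob: 0 = never bind ::, 1 = always, -1 = follow the sysctl.
   When the sysctl is unreadable we still try and let socket() decide. */
int want_ipv6_wildcard(int knob, const char *path)
{
  return knob >= 0 ? knob != 0 : ipv6_disabled(path) != 1;
}

/* Bind one UDP wildcard socket for a single family; returns fd or -1.
   The thread reports :::53 still showing up with disable_ipv6 = 1, so
   the bind on :: cannot be relied on to fail; the caller checks first. */
int wildcard_listener(int family, unsigned short port)
{
  struct sockaddr_in a4;
  struct sockaddr_in6 a6;
  int on = 1, rc, fd = socket(family, SOCK_DGRAM, 0);
  if (fd == -1)
    return -1;
  if (family == AF_INET6) {
    memset(&a6, 0, sizeof(a6));   /* all-zero address is :: */
    a6.sin6_family = AF_INET6;
    a6.sin6_port = htons(port);
    /* IPv6-only, so a separate 0.0.0.0 socket can use the same port */
    setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
    rc = bind(fd, (struct sockaddr *)&a6, sizeof(a6));
  } else {
    memset(&a4, 0, sizeof(a4));   /* all-zero address is 0.0.0.0 */
    a4.sin_family = AF_INET;
    a4.sin_port = htons(port);
    rc = bind(fd, (struct sockaddr *)&a4, sizeof(a4));
  }
  if (rc == -1) { close(fd); return -1; }
  return fd;
}
```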


