[Dnsmasq-discuss] restricting to one interface doesn't work

reiner otto augustus_meyer at yahoo.de
Tue Jun 24 21:42:40 UTC 2014


Had the same problem: dnsmasq also listened on the WAN interface, which I did not want.

So:

# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1
listen-address=192.168.182.1 #eth0
listen-address=192.168.20.1 #eth1
listen-address=192.168.60.1 #eth2
listen-address=192.168.70.1 #tun0


# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
bind-interfaces #<------------------------------------------------------------------------------------------------


Best regards :-)



Oliver Rath <rath at mglug.de> wrote at 23:30 on Tuesday, 24 June 2014:
 


Hi list,

I try to restrict the DNS of dnsmasq to one interface (3 existing
interfaces, I hid ppp0), but it seems that it doesn't work.

My config:

server=//141.1.1.1
local=/heimserver/
address=/owncloud/192.168.0.254
dhcp-range=set:gw2,192.168.2.50,192.168.2.150,255.255.255.0,12h
dhcp-range=::,constructor:sixxs,ra-names
dhcp-range=::,constructor:p3p1,ra-names
dhcp-option=tag:gw2,128,192.168.2.254
dhcp-option=252,"http://heimserver/wpad.dat"
dhcp-option-force=208,f1:00:74:7e
dhcp-option-force=210,/opt/dmi/tftproot/
dhcp-boot=undionly.kkpxe
enable-tftp
tftp-root=/opt/dmi/tftproot
log-queries
log-dhcp

My ifconfig:

# ifconfig | grep mtu -A1
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
--
p1p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.254  netmask 255.255.255.0  broadcast 192.168.0.255
--
p2p1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.11.254  netmask 255.255.255.0  broadcast 192.168.11.255
--
p3p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.254  netmask 255.255.255.0  broadcast 192.168.2.255



So only p3p1 is addressed here. But if I look for open ports, 53 is
open on all interfaces:

# nmap 192.168.11.254

Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for 192.168.11.254
Host is up (0.00014s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
749/tcp  open  kerberos-adm
2000/tcp open  cisco-sccp

Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds
heimserver dnsmasq.d # nmap 192.168.2.254

Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for 192.168.2.254
Host is up (0.00040s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
749/tcp  open  kerberos-adm
2000/tcp open  cisco-sccp

Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
heimserver dnsmasq.d # nmap 192.168.0.254

Starting Nmap 6.25 ( http://nmap.org ) at 2014-06-24 23:16 CEST
Nmap scan report for heimserver.koenigsteinstr.muc (192.168.0.254)
Host is up (0.00011s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
749/tcp  open  kerberos-adm
2000/tcp open  cisco-sccp

To be sure dnsmasq is the only DNS server here, I did this:

# netstat -vanpe | grep :53
netstat: no support for `AF INET (sctp)' on this system.
netstat: no support for `AF INET (sctp)' on this system.
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      0          1701253    12137/dnsmasq
tcp        0      0 192.168.0.254:5038      192.168.0.1:53788       VERBUNDEN   101        1666180    27070/asterisk
tcp6       0      0 :::53                   :::*                    LISTEN      0          1701256    12137/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           0          1701252    12137/dnsmasq
udp6       0      0 :::53                   :::*                                0          1701255    12137/dnsmasq
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

So what's wrong here? Does dnsmasq have problems with interfaces named p1p1,
p2p1 etc.?

Tfh!
Oliver
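
Added example (not part of either message in this thread): a check that tells the wildcard binding described in the config comment apart from per-address binding, by reading netstat output like the one posted above. The function names are hypothetical, the column layout is assumed to match the posted `netstat -anp` output, and the second sample is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Reads `netstat -anp`-style lines on stdin (local address in column 4,
# PID/program in the last column) and prints "proto local-address" for every
# dnsmasq socket bound to the wildcard address on port 53.
wildcard_dns_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ &&
        $4 ~ /^(0\.0\.0\.0|::|\*|\[::\]):53$/ &&
        $NF ~ /\/dnsmasq$/ { print $1, $4 }
    '
}

# Exit 0: dnsmasq has port-53 sockets and none is wildcard-bound.
# Exit 1: at least one wildcard socket. Exit 2: no dnsmasq port-53 socket seen.
dns_bind_is_restricted() {
    input=$(cat)
    printf '%s\n' "$input" |
        grep -Eq ':53[[:space:]].*/dnsmasq[[:space:]]*$' || return 2
    [ -z "$(printf '%s\n' "$input" | wildcard_dns_listeners)" ]
}

# Sample 1: the socket lines from the post, one socket per line.
sample_before() {
cat <<'EOF'
tcp   0 0 0.0.0.0:53          0.0.0.0:*         LISTEN    0   1701253 12137/dnsmasq
tcp   0 0 192.168.0.254:5038  192.168.0.1:53788 VERBUNDEN 101 1666180 27070/asterisk
tcp6  0 0 :::53               :::*              LISTEN    0   1701256 12137/dnsmasq
udp   0 0 0.0.0.0:53          0.0.0.0:*                   0   1701252 12137/dnsmasq
udp6  0 0 :::53               :::*                        0   1701255 12137/dnsmasq
EOF
}

# Sample 2 (constructed; PID and inode values are made up): sockets bound
# per address, as expected once bind-interfaces is in effect.
sample_after() {
cat <<'EOF'
tcp   0 0 127.0.0.1:53        0.0.0.0:*         LISTEN    0   1800001 13000/dnsmasq
tcp   0 0 192.168.2.254:53    0.0.0.0:*         LISTEN    0   1800002 13000/dnsmasq
udp   0 0 127.0.0.1:53        0.0.0.0:*                   0   1800003 13000/dnsmasq
udp   0 0 192.168.2.254:53    0.0.0.0:*                   0   1800004 13000/dnsmasq
EOF
}

# Usage on a live host (as root, so the program column is filled in):
#   netstat -anp | dns_bind_is_restricted; echo "exit=$?"
```

A wildcard socket does not by itself mean dnsmasq answers on every interface, since the config comment says it discards requests it should not reply to; what the check reports is whether the kernel-level bind is restricted.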


