[Dnsmasq-discuss] dns query from localnetwork are blocked

samuel.lethiec at intelunix.fr samuel.lethiec at intelunix.fr
Fri Jan 2 07:21:38 GMT 2015


On 2015-01-02 02:42, T o n g wrote:
> On Thu, 01 Jan 2015 23:10:42 +0100, samuel.lethiec-YHh4hrT2YEVlDBTeMj46bQ wrote:
> 
>>> Now, I've run out of all the possibilities.
>>> What could be the problem?
>> 
>> iptables-save is usually the recommended way to show your ruleset.
> 
> $ iptables-save | wc
>       0       0       0

Could you run the same command with sudo?
> 
>> Also, could you show the result of:
>> 
>> sudo ss -o state listening -utp 'sport = :domain'
> 
> $ sudo ss -o state listening -utp 'sport = :domain'
> Netid  Recv-Q Send-Q        Local Address:Port            Peer Address:Port
> tcp    0      5                 127.0.0.1:domain                     *:*        users:(("dnsmasq",pid=1570,fd=11))
> tcp    0      5             192.168.2.100:domain                     *:*        users:(("dnsmasq",pid=1570,fd=9))
> tcp    0      5             192.168.2.101:domain                     *:*        users:(("dnsmasq",pid=1570,fd=7))
> tcp    0      5                       ::1:domain                    :::*        users:(("dnsmasq",pid=1570,fd=15))
> tcp    0      5      fe80::216:76ff:fedc:8482%eth0:domain                    :::*        users:(("dnsmasq",pid=1570,fd=13))
> 

This looks fine, and if your firewall ruleset is indeed empty, you'd
need to sniff the network (e.g. with tcpdump) on the server to see whether
DNS requests really reach it or not.


> Thanks



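The capture check suggested in the message above, as an added example that is not part of the original thread: a shell function that reads a text capture taken on the dnsmasq host and reports whether client queries arrived and whether they were answered. The function name `classify_dns_capture`, the client address 192.168.2.50, the upstream address 192.168.2.1 and all sample capture lines are constructed; the server address 192.168.2.100 and interface eth0 are taken from the `ss` output quoted above.

```shell
#!/usr/bin/env bash
# Take the capture on the server (needs root), then classify it:
#   sudo tcpdump -n -l -i eth0 port 53 > dns.txt
#   classify_dns_capture 192.168.2.100 < dns.txt
# tcpdump sees inbound packets before iptables filters them, so a query that
# shows up here can still be dropped by a local rule before dnsmasq reads it.

classify_dns_capture() {
    awk -v srv="$1" '
        # tcpdump -n prints IPv4 as: TIME IP SRC.PORT > DST.PORT: ...
        # (IPv6 lines start with IP6 and are ignored by this sketch)
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (dst == (srv ".53")) queries++        # addressed to the server
            else if (src == (srv ".53")) replies++   # sent by the server
        }
        END {
            if (queries == 0)      print "no-queries-reached-server"
            else if (replies == 0) print "queries-arrive-but-unanswered"
            else                   print "queries-answered"
        }'
}

# Constructed sample 1: only the server talking to its upstream resolver.
SAMPLE_NONE='07:10:01.000300 IP 192.168.2.100.51000 > 192.168.2.1.53: 7001+ A? example.com. (29)'

# Constructed sample 2: a LAN client asks twice, the server never replies.
SAMPLE_UNANSWERED='07:10:01.000100 IP 192.168.2.50.40123 > 192.168.2.100.53: 4660+ A? example.com. (29)
07:10:06.000100 IP 192.168.2.50.40123 > 192.168.2.100.53: 4660+ A? example.com. (29)'

# Constructed sample 3: query followed by an answer from the server.
SAMPLE_OK='07:10:01.000100 IP 192.168.2.50.40123 > 192.168.2.100.53: 4660+ A? example.com. (29)
07:10:01.000900 IP 192.168.2.100.53 > 192.168.2.50.40123: 4660 1/0/0 A 192.0.2.10 (45)'

# How to read the result:
#   no-queries-reached-server     -> look at the client config or the path to the server
#   queries-arrive-but-unanswered -> look at local filtering or the dnsmasq configuration
#   queries-answered              -> look at the return path and the client itself
```
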