[Dnsmasq-discuss] Let dnsmasq only reply the queries from the tun* interfaces.

Simon Kelley simon at thekelleys.org.uk
Tue Mar 1 18:43:43 GMT 2016




That should, I think, work, and a quick test here indicates that it
does seem to.


Please could you start dnsmasq as you describe, and then post the
result of running the command


 netstat -apn | grep dnsmasq


here? That will tell us which IP addresses dnsmasq is listening on,
which is what we're trying to control here.


Cheers,

Simon.




On 26/02/16 13:13, Hongyi Zhao wrote:
> Hi all,
> 
> I have eth0 and openvpn's tun* interfaces on my Debian Jessie box.
> I want to let dnsmasq only reply to the queries from the tun*
> interfaces. And if the tun* interfaces don't exist, the dnsmasq
> shouldn't do the query and thus give anything.
> 
> I did the following testing but it failed:
> 
> The conf file is as follows:
> 
> -----------
> log-queries=extra
> log-async=100
> no-hosts
> no-resolv
> cache-size=0
> no-daemon
> interface=tun*
> except-interface=eth*
> no-dhcp-interface=*
> bind-dynamic
> all-servers
> server=203.253.64.1
> server=168.126.63.1
> -----------
> 
> Before I run the openvpn client to connect to any vpn servers, I
> start the dnsmasq as follows with the above conf file:
> 
> $ sudo dnsmasq -p 5360 -C the-conf-file
> dnsmasq: started, version 2.76test10-4-gbec366b cache disabled
> dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
> dnsmasq: warning: interface tun* does not currently exist
> dnsmasq: asynchronous logging enabled, queue limit is 100 messages
> dnsmasq: using nameserver 168.126.63.1#53
> dnsmasq: using nameserver 203.253.64.1#53
> 
> Then I do the dig test:
> 
> $ dig +short -p5360 baidu.com
> 220.181.57.217
> 111.13.101.208
> 123.125.114.144
> 180.149.132.47
> 
> And the corresponding log of dnsmasq is as follows:
> 
> dnsmasq: 1 192.168.0.2/36160 query[A] baidu.com from 192.168.0.2 
> dnsmasq: 1 192.168.0.2/36160 forwarded baidu.com to 168.126.63.1 
> dnsmasq: 1 192.168.0.2/36160 forwarded baidu.com to 203.253.64.1 
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 220.181.57.217 
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 111.13.101.208 
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 123.125.114.144 
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 180.149.132.47
> 
> As you can see, I currently haven't any tun* devices available and
> reject the queries from the eth* devices.  Why will dnsmasq still
> do the DNS queries?
> 
> Furthermore, is it possible to let dnsmasq do the dns queries just
> as I described here?
> 
> Regards
> 

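Added example, not part of the original thread: one way to read the `netstat -apn` output requested above, by mapping each dnsmasq listening socket to the interface that owns its local address. The captures are constructed, not output from the poster's machine; tun0, 10.8.0.6, the PIDs and the function names are assumptions, and only 192.168.0.2 and port 5360 come from the post.

```shell
#!/bin/sh
# Added example. Sample captures below are constructed for illustration.

# Write constructed `ip -o addr show` and `netstat -apn` captures into dir $1.
write_samples() {
    cat > "$1/ipaddr.txt" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0\       valid_lft forever preferred_lft forever
5: tun0    inet 10.8.0.6/24 scope global tun0\       valid_lft forever preferred_lft forever
EOF
    cat > "$1/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.8.0.6:5360           0.0.0.0:*               LISTEN      2101/dnsmasq
tcp        0      0 192.168.0.2:5360        0.0.0.0:*               LISTEN      2101/dnsmasq
tcp        0      0 192.168.0.2:22          192.168.0.9:51512       ESTABLISHED 1500/sshd
udp        0      0 10.8.0.6:5360           0.0.0.0:*                           2101/dnsmasq
udp        0      0 192.168.0.2:5360        0.0.0.0:*                           2101/dnsmasq
udp6       0      0 :::5360                 :::*                                2101/dnsmasq
unix  2      [ ]         DGRAM                    18233    2101/dnsmasq
EOF
}

# $1 = saved `netstat -apn` output, $2 = saved `ip -o addr show` output.
# Prints: proto local-address interface verdict (tun | other | wildcard)
classify_listeners() {
    awk '
        # First file (ip output): map each local address to its interface.
        NR == FNR { split($4, a, "/"); iface[a[1]] = $2; next }
        # Second file (netstat): UDP sockets and TCP listeners owned by dnsmasq.
        $NF ~ /\/dnsmasq$/ && ($1 ~ /^udp6?$/ || ($1 ~ /^tcp6?$/ && $6 == "LISTEN")) {
            addr = $4; sub(/:[0-9]+$/, "", addr)          # strip the port
            if (addr == "0.0.0.0" || addr == "::") { dev = "*"; verdict = "wildcard" }
            else {
                dev = (addr in iface) ? iface[addr] : "unknown"
                verdict = (dev ~ /^tun/) ? "tun" : "other"
            }
            print $1, $4, dev, verdict
        }
    ' "$2" "$1"
}

# Demo run on the constructed captures.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
classify_listeners "$demo_dir/netstat.txt" "$demo_dir/ipaddr.txt"
```

On a live host, save the output of `netstat -apn` and `ip -o addr show` to files and pass those instead of the samples. A `wildcard` row means the socket is not bound to one interface's address, so the listing alone cannot show which interfaces are served.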


