[Dnsmasq-discuss] Let dnsmasq only reply the queries from the tun* interfaces.
Simon Kelley
simon at thekelleys.org.uk
Tue Mar 1 18:43:43 GMT 2016
That should, I think, work, and a quick test here indicates that it
does seem to.
Please could you start dnsmasq as you describe, and then post the
result of running the command
    netstat -apn | grep dnsmasq
here? That will tell us which IP addresses dnsmasq is listening on,
which is what we're trying to control here.
Cheers,
Simon.
On 26/02/16 13:13, Hongyi Zhao wrote:
> Hi all,
>
> I have eth0 and openvpn's tun* interfaces on my Debian Jessie box.
> I want to let dnsmasq only reply to the queries from the tun*
> interfaces. And if the tun* interfaces don't exist, the dnsmasq
> shouldn't do the query and thus give anything.
>
> I did the following test, but it failed:
>
> The conf file is as follows:
>
> -----------
> log-queries=extra
> log-async=100
> no-hosts
> no-resolv
> cache-size=0
> no-daemon
> interface=tun*
> except-interface=eth*
> no-dhcp-interface=*
> bind-dynamic
> all-servers
> server=203.253.64.1
> server=168.126.63.1
> -----------
>
> Before I run the openvpn client to connect to any vpn servers, I
> start the dnsmasq as follows with the above conf file:
>
> $ sudo dnsmasq -p 5360 -C the-conf-file
> dnsmasq: started, version 2.76test10-4-gbec366b cache disabled
> dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
> dnsmasq: warning: interface tun* does not currently exist
> dnsmasq: asynchronous logging enabled, queue limit is 100 messages
> dnsmasq: using nameserver 168.126.63.1#53
> dnsmasq: using nameserver 203.253.64.1#53
>
> Then I do the dig test:
>
> $ dig +short -p5360 baidu.com
> 220.181.57.217
> 111.13.101.208
> 123.125.114.144
> 180.149.132.47
>
> And the corresponding log of dnsmasq is as follows:
>
> dnsmasq: 1 192.168.0.2/36160 query[A] baidu.com from 192.168.0.2
> dnsmasq: 1 192.168.0.2/36160 forwarded baidu.com to 168.126.63.1
> dnsmasq: 1 192.168.0.2/36160 forwarded baidu.com to 203.253.64.1
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 220.181.57.217
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 111.13.101.208
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 123.125.114.144
> dnsmasq: 1 192.168.0.2/36160 reply baidu.com is 180.149.132.47
>
> As you can see, I currently don't have any tun* devices available,
> and I reject the queries from the eth* devices. Why does dnsmasq
> still do the DNS queries?
>
> Furthermore, is it possible to let dnsmasq do the dns queries just
> as I described here?
>
> Regards
>
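The netstat check requested in the reply above, as an added example that is not part of the original message: POSIX shell functions that reduce `netstat -apn | grep dnsmasq` output to the addresses dnsmasq is bound to and report any bind on the DNS port outside an allowed list. The function names, the allowed-address list and the sample netstat lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise the output of
# `netstat -apn | grep dnsmasq` to see which addresses dnsmasq is bound to.

# Print "<proto> <address> <port> <scope>" for each inet socket owned by dnsmasq.
list_dnsmasq_binds() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ && $NF ~ /\/dnsmasq$/ {
        # A TCP socket that is not in LISTEN state is a connection, not a bind.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        n = match($4, /:[0-9]+$/)          # the port follows the last colon
        if (n == 0) next
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        scope = (addr == "0.0.0.0" || addr == "::") ? "wildcard" : "specific"
        print $1, addr, port, scope
    }'
}

# unexpected_binds PORT ADDR...: print binds on PORT whose address is not
# in the allowed list (hypothetical helper; the allowed list is your policy).
unexpected_binds() {
    port=$1; shift
    list_dnsmasq_binds | awk -v p="$port" -v allowed=" $* " '
        $3 == p && index(allowed, " " $2 " ") == 0 { print $1, $2 }'
}

# Constructed sample input, not output captured from the poster's machine.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:5360          0.0.0.0:*               LISTEN      1234/dnsmasq
tcp        0      0 192.168.0.2:5360        0.0.0.0:*               LISTEN      1234/dnsmasq
udp        0      0 127.0.0.1:5360          0.0.0.0:*                           1234/dnsmasq
udp        0      0 192.168.0.2:5360        0.0.0.0:*                           1234/dnsmasq
udp        0      0 0.0.0.0:41234           0.0.0.0:*                           1234/dnsmasq
udp6       0      0 ::1:5360                :::*                                1234/dnsmasq
unix  2      [ ]         DGRAM                    23456    1234/dnsmasq
EOF
}

# Demo: any bind on port 5360 that is not a loopback address is reported.
sample_netstat | unexpected_binds 5360 127.0.0.1 ::1
```

On a live system, replace `sample_netstat` with `sudo netstat -apn | grep dnsmasq` and pass the addresses of the interfaces that are meant to serve DNS.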