[Dnsmasq-discuss] dnsmasq to provide public DNS service
albert.aribaud at free.fr
Sat Jul 2 20:27:11 BST 2016
On Sat, 2 Jul 2016 17:07:50 +0000 (UTC)
T o n g <mlist4suntong at yahoo.com> wrote:
> Oh, sorry for responding late.
> The machine from which I run dig gets its DNS servers is the one that
> I tweaked the /etc/dnsmasq.d/public.conf file, by doing which my DNS
> breaks. And on removing the file, my DNS service (served by local
> dnsmasq) works again.
> And, yes, basically I'm creating an open DNS server, and since nobody
> is doing that, I can't find any information on how to set it up
Nobody should do that indeed, because it is a very bad idea: your
machine may then serve as an amplifier for DDoS attacks.
Still, the configuration -- as far as dnsmasq is concerned -- is the
same for an open DNS and a LAN DNS.
Could you please describe your setup from a network perspective?
> Please help. Thanks
> On Thu, 30 Jun 2016 14:37:17 +0200, Albert ARIBAUD wrote:
> > Hi Tong,
> > On Thu, 30 Jun 2016 12:03:07 +0000 (UTC)
> > T o n g wrote:
> >> Does no reply mean impossible, or just nobody has looked into it
> >> yet?
> > It is perfectly possible to run dnsmasq as a "public" DNS, if by
> > this you mean "make it serve requests from other hosts than the one
> > it is running on", or even, "make it serve requests from any host"
> > -- although the latter is risky, as you'd basically create an open
> > DNS server.
> > Now, for the reason why your tests fail, there is not enough info in
> > your post to allow diagnosing what is wrong. Notably, you do not
> > indicate how the machine from which you run dig gets its DNS
> > servers: the issue could just as well be there.
> >> On Wed, 29 Jun 2016 03:28:02 +0000, T o n g wrote:
> >> > If I'm to provide DNS service to the public (outside my local
> >> > network) using dnsmasq, how to do it, e.g., how to set the
> >> > listen-address? It didn't work out of the box after I installed
> >> > it in my Ubuntu (16.04 LTS xenial) so I changed to the
> >> > following, but it stops working:
> >> >
> >> > $ cat /etc/dnsmasq.d/public.conf
> >> > # listen to public
> >> > listen-address=0.0.0.0
> >> > # provide only DNS service and disable DHCP and TFTP on it
> >> > no-dhcp-interface=eth0
> >> >
> >> > $ dig +short docs.google.com
> >> > ;; connection timed out; no servers could be reached
> >> >
> >> > $ netstat -ulnp | grep :53
> >> > (Not all processes could be identified, non-owned process info
> >> >  will not be shown, you would have to be root to see it all.)
> >> > udp 0 0 0.0.0.0:53 0.0.0.0:* -
> >> > udp6 0 0 :::53 :::*
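An added example, not part of the original thread: a small audit of dnsmasq config text for the open-resolver exposure discussed above. It relies on the dnsmasq man page's statement that `local-service` has no effect once `interface`, `except-interface`, `listen-address` or `auth-server` is set; the LAN config, `eth1` and `192.168.1.1` are constructed for illustration.

```python
import ipaddress

# Per the dnsmasq man page, local-service has no effect when any of these is set.
OVERRIDES_LOCAL_SERVICE = {"interface", "except-interface", "listen-address", "auth-server"}

def parse_options(text):
    """Return (option, value) pairs from dnsmasq config text, comments stripped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text):
    """List reasons this config file would answer DNS queries from arbitrary hosts."""
    # Only the file text is examined; command-line options are not visible here.
    opts = parse_options(text)
    keys = {k for k, _ in opts}
    addrs = [a.strip() for k, v in opts if k == "listen-address" for a in v.split(",")]
    findings = [f"listen-address={a} accepts queries on every interface"
                for a in addrs if ipaddress.ip_address(a).is_unspecified]  # 0.0.0.0 or ::
    overrides = sorted(keys & OVERRIDES_LOCAL_SERVICE)
    if findings and overrides:
        findings.append("local-service is ignored because of: " + ", ".join(overrides))
    elif not overrides and "local-service" not in keys:
        findings.append("no listen restriction and no local-service in this file")
    return findings

# Config quoted in the thread (line breaks restored).
THREAD_CONFIG = """\
# listen to public
listen-address=0.0.0.0
# provide only DNS service and disable DHCP and TFTP on it
no-dhcp-interface=eth0
"""

# Constructed LAN-only config; eth1 and 192.168.1.1 are assumed names.
LAN_CONFIG = """\
interface=eth1
bind-interfaces
listen-address=192.168.1.1
"""

if __name__ == "__main__":
    for name, cfg in (("thread", THREAD_CONFIG), ("lan", LAN_CONFIG)):
        print(name, audit(cfg) or "no findings")
```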