[Dnsmasq-discuss] dnsmasq to provide public DNS service

T o n g mlist4suntong at yahoo.com
Sun Jul 3 23:40:05 BST 2016


On Sat, 02 Jul 2016 21:27:11 +0200, Albert ARIBAUD wrote:

>> The machine from which I run dig gets its DNS servers is the one that I
>> tweaked the /etc/dnsmasq.d/public.conf file, by doing which my DNS
>> breaks. And on removing the file, my DNS service (served by local
>> dnsmasq) works again.
>> 
>> And, yes, basically I'm creating an open DNS server, and since nobody
>> is doing that, I can't find any information on how to set it up
>> properly.
> 
> Nobody should do that indeed, because it is a very bad idea: your
> machine may then serve as an amplifier for DDoS attacks.

I'm more interested to know how to do that than actually provide the DNS
service. BTW, on to that thought, how is the ISP's or Google's DNS server
able to avoid being an amplifier for DDoS attacks?

> Still, the configuration -- as far as dnsmasq is concerned -- is the
> same for an open DNS and a LAN DNS.
> 
> Could you please describe your setup from a network perspective ?

I don't quite understand what you are asking. Consider it is my own box
behind my ISP. How does this network setup have anything to do with the
question?

Ideally, I just want to use a file, say /etc/dnsmasq.d/public.conf, to 
turn it on. Then, I can easily turn it off by removing the file. It's not 
just I'm broadcasting to the world that I have this. It's for my own 
personal usage. Had I been able to do it myself, there won't be a public 
discussion/announcement of it. I.e., nobody would have known. 

>> On Thu, 30 Jun 2016 14:37:17 +0200, Albert ARIBAUD wrote:
>> 
>> > Hi Tong,
>> > 
>> > Le Thu, 30 Jun 2016 12:03:07 +0000 (UTC)
>> > T o n g a écrit:
>> >   
>> >> Does no reply mean impossible, or has just nobody looked into it yet?
>> > 
>> > It is perfectly possible to run dnsmasq as a "public" DNS, if by this
>> > you mean "make it serve requests from other hosts than the one it is
>> > running on", or even, "make it serve requests from any host" --
>> > although the latter is risky, as you'd basically create an open DNS
>> > server.
>> > 
>> > Now, for the reason why your tests fail, there is not enough info in
>> > your post to allow diagnosing what is wrong. Notably, you do not
>> > indicate how the machine from which you run dig gets its DNS servers:
>> > the issue could just as well be there.
>> >   
>> >> On Wed, 29 Jun 2016 03:28:02 +0000, T o n g wrote:
>> >>   
>> >> > If I'm to provide DNS service to the public (outside my local
>> >> > network) using dnsmasq, how to do it, e.g., how to set the
>> >> > listen-address? It didn't work out of the box after I installed it
>> >> > in my Ubuntu (16.04 LTS xenial) so I changed to the following, but
>> >> > it stops working:
>> >> > 
>> >> >     $ cat /etc/dnsmasq.d/public.conf
>> >> >     # listen to public
>> >> >     listen-address=0.0.0.0
>> >> >     # provide only DNS service and disable DHCP and TFTP on it
>> >> >     no-dhcp-interface=eth0
>> >> > 
>> >> >     $ dig +short docs.google.com
>> >> >     ;; connection timed out; no servers could be reached
>> >> > 
>> >> >     $ netstat -ulnp | grep :53
>> >> >     (Not all processes could be identified, non-owned process info
>> >> >      will not be shown, you would have to be root to see it all.)
>> >> >     udp        0      0 0.0.0.0:53 0.0.0.0:* -
>> >> >     udp6       0      0 :::53                   :::*
>> 
>> 
>> 
>> _______________________________________________
>> Dnsmasq-discuss mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
> 
> 
> Amicalement,
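An added example, not part of the original thread or of dnsmasq itself: a small audit of a dnsmasq configuration for the open-resolver exposure discussed above. The two sample configurations are constructed; the comment-stripping rule is an assumption about dnsmasq's parser, and the `local-service` rule follows the dnsmasq man page.

```python
import ipaddress
import re

# Constructed sample: the thread's public.conf, one directive per line.
PUBLIC_CONF = """\
# listen to public
listen-address=0.0.0.0
# provide only DNS service and disable DHCP and TFTP on it
no-dhcp-interface=eth0
"""

# Constructed sample: a LAN-only configuration for comparison.
LAN_CONF = """\
listen-address=127.0.0.1,192.168.1.1   # loopback and LAN only
local-service
"""

# Man page: local-service only has effect when none of these is given.
OVERRIDES = {"interface", "except-interface", "listen-address", "auth-server"}

def parse_conf(text):
    """Return [(option, value)] from dnsmasq-style 'option[=value]' lines."""
    directives = []
    for raw in text.splitlines():
        # Assumption: '#' starts a comment only at line start or after
        # whitespace, so values such as server=127.0.0.1#5353 stay intact.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            key, _, value = line.partition("=")
            directives.append((key.strip(), value.strip()))
    return directives

def audit(text):
    """List findings about which clients the DNS listener is exposed to."""
    directives = parse_conf(text)
    keys = {key for key, _ in directives}
    findings = []
    for key, value in directives:
        if key != "listen-address":
            continue
        for item in value.split(","):
            addr = ipaddress.ip_address(item.strip())
            if addr.is_unspecified:
                findings.append(f"{addr}: wildcard, not limited to one interface")
            elif not (addr.is_loopback or addr.is_private or addr.is_link_local):
                findings.append(f"{addr}: public address, reachable from any host")
    if "local-service" in keys and keys & OVERRIDES:
        used = ", ".join(sorted(keys & OVERRIDES))
        findings.append(f"local-service is ignored because of: {used}")
    return findings
```

Whether a flagged listener is actually reachable from outside still depends on the firewall and NAT in front of the host, which this check does not see.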




