[Dnsmasq-discuss] dnsmasq to provide public DNS service

Albert ARIBAUD albert.aribaud at free.fr
Tue Jul 5 17:55:59 BST 2016

Hi Tong,

On Tue, 5 Jul 2016 00:42:25 +0000 (UTC),
T o n g <mlist4suntong at yahoo.com> wrote:

> > 1) Does your dnsmasq host have access to the Internet?
> > 
> > 2) Have you configured your Internet access so that DNS requests
> > incoming from the outside are routed to your dnsmasq host?  
> Yeah, those "out-side" factors, I know how to control, and they are 
> working fine. For example, I have used `listen-address=`
> before to provide DNS service for my own home network, and it works
> fine. 

Yes, listening to a LAN address allows serving clients on the LAN. But
this absolutely does not mean that conditions 1 and 2 above are met
and that clients from the Net can be served.

> This box I'm configuring, it has its own public IP, not on
> 192.168.x.x. The SSH, DNS, etc ports are open to the world as well. 

This piece of information raises a lot of questions. Could you please
answer by 'yes' or 'no' to the following?

1. Does the "box" you are referring to run the dnsmasq you are trying
to configure?

2. Is this box also the gateway from your LAN to the Internet?

3. Does it have two network interfaces, one facing the Internet and one
facing the LAN?

> Oh, should I listen to its Gateway IP instead of

You should not specify listen-address *at all* unless you want
your dnsmasq to serve *only* your LAN or to serve *only* the Net.

You should not even specify any interface= option.

> The outside world is not involved yet -- I haven't been able to make 
> itself work first. 

Before making dnsmasq work with clients from outside your LAN, you need
to verify that your "box" meets conditions 1 and 2 above.

Let's start with condition 1. You can check it by running a traceroute
from your "box" to some known internet host (e.g. google.com). What
does such a traceroute print out?

