[Dnsmasq-discuss] dnsmasq to provide public DNS service

T o n g mlist4suntong at yahoo.com
Thu Jul 7 03:41:15 BST 2016

On Tue, 05 Jul 2016 18:55:59 +0200, Albert ARIBAUD wrote:

> Hi Tong,
> On Tue, 5 Jul 2016 00:42:25 +0000 (UTC)
> T o n g <mlist4suntong at yahoo.com> wrote:
>> > 1) Does your dnsmasq host have access to the Internet?
>> > 
>> > 2) Have you configured your Internet access so that DNS requests
>> > incoming from the outside are routed to your dnsmasq host?
>> Yeah, those "out-side" factors, I know how to control, and they are
>> working fine. For example, I have used `listen-address=`
>> before to provide DNS service for my own home network, and it works
>> fine.
> Yes, listening to a LAN address allows serving clients on the LAN. But
> this absolutely does not mean that conditions 1 and 2 above are met and
> that clients from the Net can be served.
>> This box I'm configuring, it has its own public IP, not on 192.168.x.x.
>> The SSH, DNS, etc ports are open to the world as well.
> This piece of information raises a lot of questions. Could you please
> answer by 'yes' or 'no' to the following?
> 1. Does the "box" you are referring to run the dnsmasq you are trying to
> configure?

Yes, the "box" is what I referred to as the machine that I run the dnsmasq
on and am trying to configure. This is the only thing I'm talking about so far.
Nothing else.

> 2. Is this box also the gateway from your LAN to the Internet?


> 3. Does it have two network interfaces, one facing the Internet and one
> facing the LAN?


Once again, the box I'm configuring is a dedicated server from the
hosting company, and I have full (remote) control of it and have
installed the latest Ubuntu on it. It has its own real public IP. The
SSH, DNS, etc ports are open to the world as well.

>> Oh, should I listen to its Gateway IP instead of
> You should not specify listen-address *at all* unless you want your
> dnsmasq to serve *only* your LAN or to serve *only* the Net.
> You should not even specify any interface= option.

OK. So how does dnsmasq decide whether to serve the local host, or the local
network (LAN), or the general public (WAN)? If it is not listen-address, then
what is it?

>> The outside world is not involved yet -- I haven't been able to make
>> itself work first.
> Before making dnsmasq work with clients from outside your LAN, you need
> to verify that your "box" meets conditions 1 and 2 above.
> Let's start with condition 1. You can check it by running a traceroute
> from your "box" to some known internet host (e.g. google.com). What does
> such a traceroute print out?

What do you need the traceroute print out for? 

Can dnsmasq be used as a DNS server not only for the local host or the local
network, but also for the general public as well, or not? If yes, what would
the configuration be?

Does dnsmasq come with that feature (serving the local network or the
general public) out of the box? Else what kind of alteration needs to be made
to the configuration file?
