[Dnsmasq-discuss] dnsmasq to provide public DNS service
T o n g
mlist4suntong at yahoo.com
Thu Jul 7 03:41:15 BST 2016
On Tue, 05 Jul 2016 18:55:59 +0200, Albert ARIBAUD wrote:
> Hi Tong,
> Le Tue, 5 Jul 2016 00:42:25 +0000 (UTC)
> T o n g <mlist4suntong at yahoo.com> a écrit:
>> > 1) Does your dnsmasq host have access to the Internet?
>> > 2) Have you configured your Internet access so that DNS requests
>> > incoming from the outside are routed to your dnsmasq host?
>> Yeah, those "out-side" factors, I know how to control, and they are
>> working fine. For example, I have use `listen-address=192.168.1.1`
>> before to provide DNS service for my own home network, and it works
> Yes, listening to a LAN address allows serving client on the LAN. But
> this does absolutely not mean that conditions 1 and 2 above are met and
> that clients from the Net can be served.
>> This box I'm configuring, it has its own public IP, not on 192.168.x.x.
>> The SSH, DNS, etc ports are open to the would as well.
> This piece of information raises a lot of questions. Could you please
> anwer by 'yes' or 'no' to the following?
> 1. Does the "box" you are referring to run the dnsmasq you are trying to
Yes, the "box" is what I referred as the machine that I run the dnsmasq
and trying to configure. This is the only thing I'm talking about so far.
> 2. Is this box also the gateway from your LAN to the Internet?
> 3. Does it hace two network interfaces, one facing the Internet and one
> facing the LAN?
Once again, the box I'm configuring, is a dedicated servers from the
hosting company, and I have full (remote) control of it and have
installed the latest Ubuntu into it. it has its own realy public IP. The
SSH, DNS, etc ports are open to the would as well.
>> Oh, should I listen to its Gateway IP instead of 0.0.0.0?
> You should not specifiy listen-address *at all* unless you want your
> dnsmasq to serve *only* your LAN or to serve *only* the Net.
> You should not even specify any interface= option.
OK. So how dnsmasq decides whether to serve local host, or local network
(LAN) or the general public (WAN)? If is it not listen-address, then what
>> The outside world is not involved yet -- I haven't been able to make
>> itself work first.
> Before making dnsmasq work with clients from outside your LAN, you need
> to verify that your "box" meets conditions 1 and 2 above.
> Let's start with condition 1. You can check it by running a traceroute
> from your "box" to some known internet host (e.g. google.com). What does
> such a traceroute print out?
What do you need the traceroute print out for?
Can the dnsmasq be used as DNS server not only to local host, or local
network, but also the general public as well or not? If yes, what would
the configuration be?
Does dnsmasq comes with that feature (serving the local network or the
general public) out of box? Else what kind of alternation need to be made
to the configuration file?
More information about the Dnsmasq-discuss