[Dnsmasq-discuss] dnsmasq to provide public DNS service

T o n g mlist4suntong at yahoo.com
Sat Jul 9 03:08:36 BST 2016

On Fri, 08 Jul 2016 18:49:53 +0200, Albert ARIBAUD wrote:

>> > Once we have netcat available on both ends, we will be able to mimic
>> > DNS exchanges between the machines but without dnsmasq being
>> > involved;
>> The connect is not the problem. I've stopped dnsmasq temporarily and
>> start SSH listening to port 53 and I was able to connect from home.
> The SSH test only proves you can access the box on TCP port 22 (assuming
> you're usign the defaults) from your home; this does not prove anything
> regarding TCP port 53 or UDP port 53, which are what DNS uses.
> So:
> 1. Open a terminal and start an SSH session to your box. In this
>    session, disable dnsmasq then run
> 	netcat -u -l -p 53
> 3. On your home machine open one terminal and run
> 	netcat -u xyz 53
>    where xyz should be replaced with the public IP of your box.
> 4. Type some text then hit the Enter key on your home machine.
>    Does your box display the text?
> 5. Type some other text then hit the Enter key in the shell to your box.
>    Does the netcat running locally  display the text?

Sorry for responding late, because I didn't get anything from the server, 
my box. However, I did started a second SSH session before, to listen to 
port 53 instead of 22, and it worked before. Then I looked up... Long 
story short, 

If I start `netcat -t` then it works; if I start `netcat -u` then it 
doesn't work. I.e., the hosting company is blocking the UDP accesses. 

But my dnsmasq does listen to TCP port as well though:

$ netstat -lnp | grep :53
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0    *               
LISTEN      -               
tcp6       0      0 :::53                   :::*                    
LISTEN      -               
udp        0      0     *                           -               
udp6       0      
0 :::53                   :::*                                

Will TCP only without UDP not OK? 

I tried, 

dig +tcp +short cnn.com @mybox, and will get:

;; communications error to mybox_ip#53: connection reset

from my home or, 

;; communications error to mybox_ip#53: end of file

if trying from within my box. 

Why is that? 

More information about the Dnsmasq-discuss mailing list