[Dnsmasq-discuss] dnsmasq to provide public DNS service

T o n g mlist4suntong at yahoo.com
Thu Jul 14 01:21:20 BST 2016

On Sun, 10 Jul 2016 21:50:03 +0200, Albert ARIBAUD wrote:

> Regarding running the DNS on TCP alone: problem is, you might force the
> dig command to use TCP, but that's a specific case; all DNS resolutions
> happening on your machine in any other process that dug will keep on
> trying UDP first when the request size warrants it, because that's the
> standard.

That's not a problem for me. If I have to use TCP, then I'll always use 
`dig +tcp`, so UDP will never be in the way. 

> OK, so no blocking at your box level except for what fail2ban may decide
> to block. Now we're fairly sure your problem is with either your ISP or
> your hosting provider.

After struggling for a few days, I finally decided that I should reply, to 
bring some closure on this. Thank you for all these days of your tireless 
help. However, my conclusion is still the same as my first post -- dnsmasq 
is unable to provide public DNS service -- it can be used as a DNS server 
for the local host, or a local network, but just not for the general public. 
We've ruled out everything possible, and the only thing left is dnsmasq. 

I.e., if there were any problem with my ISP or my hosting provider, I 
wouldn't have been able to start a working second SSH session listening 
on port 53 (instead of 22). 

In other words, all else the same, swap in SSH to listen on port 53, it 
works; swap in dnsmasq, and it fails. With all else the same, dnsmasq is 
the only problem. 

Thanks anyway for all your help. 
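The transport comparison this thread turns on (UDP vs. TCP on port 53, and
the "UDP first, TCP when the reply is truncated" rule Albert refers to) can
be reproduced without dig. The script below is an added example, not code
from the thread or from dnsmasq: it hand-builds a DNS query, sends it once
over UDP and once over TCP to the same server, and reports per transport
whether a matching reply came back and whether the UDP reply carried the TC
(truncated) bit. The server address and query name are command-line
placeholders; nothing here depends on dnsmasq itself.

```python
"""Probe a DNS server over UDP and over TCP with a hand-built query.

Added example; not code from the thread or from dnsmasq. The server and
name given on the command line are placeholders for the host under test.
"""
import socket
import struct
import sys

FLAG_QR = 0x8000  # response bit
FLAG_TC = 0x0200  # truncated: the answer did not fit in the UDP reply
FLAG_RD = 0x0100  # recursion desired

DEFAULT_TXID = 0x1234  # fixed ID so replies can be matched in the tests


def build_query(name, qtype=1, txid=DEFAULT_TXID):
    """Return a wire-format DNS query: 12-byte header + one IN question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(resp):
    """Decode the 12-byte DNS header into a dict of the fields we care about."""
    if len(resp) < 12:
        raise ValueError("short DNS message (%d bytes)" % len(resp))
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "ancount": an,
    }


def needs_tcp_retry(resp, txid=DEFAULT_TXID):
    """Standard resolver rule: a truncated UDP reply means retry over TCP."""
    h = parse_header(resp)
    if h["id"] != txid or not h["qr"]:
        raise ValueError("reply does not match our query")
    return h["tc"]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_udp(server, name, port=53, timeout=2.0):
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        data, _ = s.recvfrom(4096)
    return data


def query_tcp(server, name, port=53, timeout=2.0):
    """DNS over TCP prefixes every message with a 2-byte length (RFC 1035)."""
    q = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, length)


def probe(server, name):
    """Try UDP, then TCP, independently; return a per-transport report."""
    report = {}
    try:
        udp = query_udp(server, name)
        h = parse_header(udp)
        report["udp"] = "answered (rcode=%d, answers=%d)" % (h["rcode"], h["ancount"])
        if needs_tcp_retry(udp):
            report["udp"] += "; truncated, a resolver would now retry over TCP"
    except (OSError, ValueError) as e:
        report["udp"] = "no reply: %s" % e
    try:
        h = parse_header(query_tcp(server, name))
        report["tcp"] = "answered (rcode=%d, answers=%d)" % (h["rcode"], h["ancount"])
    except (OSError, ValueError) as e:
        report["tcp"] = "no reply: %s" % e
    return report


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # placeholder
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"  # placeholder
    for transport, outcome in probe(server, name).items():
        print("%s/53: %s" % (transport, outcome))
```

Run it once against the box's public address from an outside host and once
from the box itself against 127.0.0.1; a server that answers on TCP but
times out on UDP (or the reverse) from outside, while answering both
locally, points at a listener or filtering difference rather than at the
protocol. The UDP path deliberately uses the same fixed transaction ID the
test checks against; a real client should randomise it.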

