[Dnsmasq-discuss] Restrict nameserver interfaces but not dhcp ones
Luigi Baldoni
aloisio at gmx.com
Fri Jan 5 13:03:58 UTC 2024
On 5 January 2024, Geert Stappers wrote:
> On Fri, Jan 05, 2024 at 09:58:19AM +0100, Luigi Baldoni wrote:
> > On 4 January 2024, Geert Stappers wrote:
> > > On Thu, Jan 04, 2024 at 08:08:46PM +0100, Luigi Baldoni wrote:
> > > >
> > > > I'm trying to get rid of a second (kea) dhcp server and
> > > > hopefully be able to do everything I need with dnsmasq.
> > > >
> > > > The main hurdle, so far, is to run the nameserver only
> > > > on eth1, because bind is listening on eth0, but have
> > > > the dhcp server listen on both interfaces (and more).
> > >
> > > What has already been tried?
> >
> > Done several tests and if I launch dnsmasq first then neither it nor bind will complain,
> > but ss lists both listening on port 53 on the same interface.
>
> Mmm, I hoped that 'What has already been tried?' got an answer like
> Configured for daemon A ...., for daemon B ....
> Configured for daemon A ...., for daemon B ....
> Configured for daemon A ...., for daemon B ....
> Configured for daemon A ...., for daemon B ....
> Repeated that with starting the other one first
> All iterations checked with ...
>
> > > Advice: Tell in the reply more about the network, such as
> > > which IP-addresses are on the network interfaces.
> >
> > This is a map of my network:
>
> > lan15 192.168.7.0/24 bind on 192.168.7.100 and dnsmasq dhcp on the same address (can be changed)
> > lan30 192.168.8.0/24 dnsmasq dhcp on 192.168.8.150
> > lan45 192.168.11.0/24 dnsmasq dhcp on 192.168.11.150
> > lan130 192.168.130.0/24 dnsmasq ns and dnsmasq dhcp on 192.168.130.200
> > lan166 192.168.166.0/24 dnsmasq dhcp on 192.168.166.200
>
> Acknowledge on "these 5 networks". What about telling the IP-addresses on
> the interfaces of the box where the tests^Wconfiguration attempts are done?

They are mentioned on the same line for each.

> (I'm lost, previously one computer with eth0 and eth1, now five networks
> and nothing about eth0 nor eth1.)

Forget about those. It was a basic example, the one above is my actual
configuration.

> For what it is worth: Over here is it "dnsmasq works". My reason for
> involvement in discussions like this is "can dnsmasq be better?" and/or
> "what can I learn more about dnsmasq?". I aim for win-win. Making lots
> of effort to understand what is going on the other side, reduces "my win".

I hear you, but before beginning systematic testing, what I would like
to understand is whether it's theoretically possible, in dnsmasq, for
the listen interface for the nameserver to be configured separately from
the dhcp one. Otherwise this whole exercise is kind of pointless.

Right now if bind is started before dnsmasq, then dnsmasq won't start.
If dnsmasq is started before bind, dnsmasq starts but it takes over
port 53 on every interface and bind doesn't receive queries.
DHCP appears to be working, at least on a non-conflicting interface.
(tried this with only lan15, lan30 and lan130 enabled).

Regards