[Dnsmasq-discuss] Different behaviour with "interface=" on two almost identical systems
Chris Buechler
cbuechler at gmail.com
Sat Mar 30 19:37:13 UTC 2024
On Sat, Mar 30, 2024 at 4:39 AM Chris Green <cl at isbd.net> wrote:
>
> On Fri, Mar 29, 2024 at 03:45:20PM -0500, Chris Buechler wrote:
> > On Thu, Mar 28, 2024 at 11:40 AM Chris Green <cl at isbd.net> wrote:
> >
> > I did try stopping dnsmasq and then nothing was listening on port
> > 53.
> > However, just to prove it:-
> > root@backup:~# ss -tulpn sport = 53
> > Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
> > udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
> > udp   UNCONN 0      0      [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=6))
> > tcp   LISTEN 0      32     0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))
> > tcp   LISTEN 0      32     [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=7))
> >
> > That's the nature of how dnsmasq binds by default. You need two config
> > lines to actually bind only to localhost:
> > listen-address=127.0.0.1
> > bind-interfaces
> > The listen-address config will make it only reply to queries to
> > localhost, but doesn't prevent wildcard binding. bind-interfaces makes
> > it bind explicitly to the listen-address. See the bind-interfaces
> > section of the man page for details.
> > https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
> >
> OK, thank you, I did read those man page entries but found it rather
> confusing! It has fixed the problem though! :-)
>
> I still don't quite understand why it seemed to work on one system but
> not on another almost identical one.
Glad that worked for you. The difference is likely either the other
system already had bind-interfaces in its config somewhere so it's not
binding wildcard, or otherwise has a host firewall blocking port 53 if
it is wildcard binding.
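
A check for the behaviour discussed in this thread, as an added example that is not part of the original messages: it reads `ss -tulpn` output and lists the sockets on port 53 that are bound to a wildcard address. The function names and the "after" sample (what listen-address=127.0.0.1 plus bind-interfaces is expected to produce) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ss -tulpn` output on stdin and
# prints "<proto> <local addr:port> <process>" for every socket on the given
# port whose local address is a wildcard (0.0.0.0, [::] or *).
wildcard_listeners() {
    port="${1:-53}"
    awk -v port="$port" '
        $1 != "udp" && $1 != "tcp" { next }   # skip header and other netids
        {
            la = $5                           # Local Address:Port column
            n = split(la, parts, ":")
            if (parts[n] != port) next
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
                print $1, la, $7
        }'
}

# Succeeds only when stdin shows no wildcard listener on the port.
dns_binding_ok() {
    [ -z "$(wildcard_listeners "${1:-53}")" ]
}

# Constructed sample: the wildcard binding quoted earlier in the thread.
sample_before() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
udp   UNCONN 0      0      [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=6))
tcp   LISTEN 0      32     0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))
tcp   LISTEN 0      32     [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=7))
EOF
}

# Constructed sample: expected shape once dnsmasq binds only to 127.0.0.1.
sample_after() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=2001,fd=4))
tcp   LISTEN 0      32     127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=2001,fd=5))
EOF
}

echo "wildcard listeners before the change:"
sample_before | wildcard_listeners 53
if sample_after | dns_binding_ok 53; then echo "after: no wildcard binding"; fi
```

On a live host, pipe `ss -tulpn` into `wildcard_listeners 53` instead of the samples.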