[Dnsmasq-discuss] dnsmasq: failed to create listening socket for 10.0.2.2: Address already in use

Fri Feb 28 21:31:33 UTC 2025

On Sunday, February 23rd, 2025 at 11:47 PM, user via Dnsmasq-discuss <dnsmasq-discuss at lists.thekelleys.org.uk> wrote:

>>I used the specific term 'dnsmasq' as a search term on the Whonix documentation, and only returned the KVM installation instructions. Since I was going to need them anyway, I decided to review them one more time:
> > 
> > https://whonix.org/wiki/KVM#Debian
> > 
> > You can find a condensed version of the page with only the terminal commands here:
> > 
> > https://whonix.org/wiki/KVM/Minimalized_Installation
> > 
> > After the portion where the user installs KVM and reboots, I notice this:
> > 
> > virsh -c qemu:///system net-autostart default
> > virsh -c qemu:///system net-start default
> > 
> > which I assume is the system-wide instance that is running on 0.0.0.0 and :: in addition to the one for Whonix-External:
> > 
> > sudo virsh -c qemu:///system net-autostart Whonix-External
> > sudo virsh -c qemu:///system net-start Whonix-External
> > 
> > Here we have in the very installation instructions the spawning of two dnsmasqs! I drew a few different conclusions from this:
> > 
> > 1. It is the developer's intention to have two instances running, in which case I should pursue the second option you suggest.
> > 
> > 2. It is a generic instruction for running virtual machines. I do not know enough about other virtual machine configurations or setups, but perhaps other setups don't define explicit ones like Whonix does here and just rely on running the system-wide one.
> > 
> > 3. It is an obsolete or incorrect instruction from when dnsmasq in prior versions failed silently, according to a poster in the link provided by the user Buck Horn (https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2055776). Since it failed silently, it wouldn't matter if there were two running; you wouldn't notice the problem. Only now since dnsmasq complains about it did it become a problem because it obstructs the launch of the Whonix-Gateway VM.
> > 
> > I cannot determine the intention with my research alone. Now that I have exhausted my options, I think I will participate in the Whonix forum thread (https://forums.whonix.org/t/cannot-start-whonix-external-virtual-network/21092) and detail my findings (and present the solutions you described) thanks to the help you have provided. Since I have shifted the question from both my and the original poster's incidental problem to Whonix (why does dnsmasq prevent me from starting the Whonix-Gateway?) to an integral one (what is the role of dnsmasq in Whonix's design and KVM implementation, and does it necessitate only one or multiple instances?) I think the developer may now be able to provide an answer.
> > 
> > Meanwhile, I will attempt the two-instance solution. I have never done this activity before, so it may take me quite a bit of time. I do not know if any problems or questions I may have will be on-topic for the dnsmasq mailing list, per se, but I think the outcome and whatever response I may receive in the forum should provide a tidier conclusion to the thread.

I attempted to reply on the forum, but it seems to employ some kind of graduated posting system to prevent spam, so I was unable to proceed. However, I did find out from this forum post that the reason I was unable to draw a concrete conclusion as to whether I require one instance or two was...that Whonix doesn't require dnsmasq at all! It is included with KVM due to Debian packaging, and the Whonix project would remove it were it not for this requirement.

https://forums.whonix.org/t/whonix-kvm-dnsmasq-listen-port-on-host-operating-system-attack-surface-reduction/15973

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074617

Since this is the case, I abandoned my plan to test the two-instance setup and I now use only the one. I appreciate the help of the mailing list in assisting me to reach this conclusion, and thank you for all of the helpful direction and advice I received. I hope these links will be a sufficient and informative conclusion for those who may find this thread because of this same issue.