Matthias Andree wrote:
> Situation:
>
> dnsmasq 2.56 supposed to answer all but loopback. named (system default
> BIND 9.6.3, FreeBSD 8.2-PRERELEASE amd64) is bound to 127.0.0.1 and ::1
> port 53, confirmed with lsof. dnsmasq config is as follows:
>
> domain-needed
> bogus-priv
> no-resolv
> no-poll
> server=127.0.0.1
> except-interface=lo0
> expand-hosts
> domain=example.org # real address here
> log-queries
>
> $ ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=3<RXCSUM,TXCSUM>
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> inet6 ::1 prefixlen 128
> inet 127.0.0.1 netmask 0xff000000
> nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
>
> This does not work at all (dnsmasq binds to INADDR_ANY), queries to the
> local IP address (192.168.0.4) time out.
>
> I need to add bind-interfaces to the configuration so that things work -
> in that case, dnsmasq binds to 192.168.0.4 according to lsof.
>
>
> Is this a known issue on FreeBSD? What means are there to resolve this
> so that users don't fall into this trap?
>

The behavior is the same on all platforms.

Without bind-interfaces:

Bind INADDR_ANY, implement --interface, --address, --except-interface by
examining incoming packets and discarding those we shouldn't answer.
Changes to interfaces (up, down, change address) are not a problem.
Specifying an interface which doesn't exist is just a warning. Binding
other servers to the same port doesn't work.

With bind-interfaces:

Enumerate the existing interfaces and their addresses at start up, bind
interface addresses according to --interface, --address,
--except-interface. Can fail if a specified interface doesn't exist,
interfaces which don't exist at startup will never be bound. Binding
other servers to the same port works.

Pick your poison, neither are ideal.

Cheers,

Simon.
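
The two modes described in the reply above, as a small Python model added here (it is not part of the original thread and not dnsmasq's own code). The interface names em0 and tun0, the address 10.8.0.1 and every function name are assumptions made for illustration; --address is left out of the model.

```python
from dataclasses import dataclass, field

# Constructed interface snapshots (name -> addresses), modelled on the post.
BOOT = {"lo0": ["127.0.0.1", "::1"], "em0": ["192.168.0.4"]}
LATER = {**BOOT, "tun0": ["10.8.0.1"]}  # hypothetical: tun0 appears after startup

WILDCARD = "*"  # stands for INADDR_ANY


@dataclass
class Config:
    interfaces: list = field(default_factory=list)         # --interface (empty = all)
    except_interfaces: list = field(default_factory=list)  # --except-interface
    bind_interfaces: bool = False                          # --bind-interfaces


def allowed(cfg, ifname):
    """Interface filter shared by both modes (simplified model)."""
    if ifname in cfg.except_interfaces:
        return False
    return not cfg.interfaces or ifname in cfg.interfaces


def sockets_at_startup(cfg, boot):
    """Addresses bound on port 53 when the daemon starts."""
    if not cfg.bind_interfaces:
        return [WILDCARD]
    missing = [i for i in cfg.interfaces if i not in boot]
    if missing:
        raise RuntimeError(f"interface(s) not present at startup: {missing}")
    return [a for name, addrs in boot.items() if allowed(cfg, name) for a in addrs]


def answers(cfg, boot, now, ifname, dst):
    """Would a query arriving on ifname for local address dst get a reply?"""
    if dst not in now.get(ifname, []):
        return False
    if cfg.bind_interfaces:
        return dst in sockets_at_startup(cfg, boot)  # fixed at startup
    return allowed(cfg, ifname)                      # per-packet check


def other_server_can_bind(cfg, boot, addr):
    """Can a second daemon (e.g. named) own addr:53 next to this one?"""
    return cfg.bind_interfaces and addr not in sockets_at_startup(cfg, boot)
```

In this model, an exclude-only configuration without bind-interfaces answers on any interface that comes up later, while the same configuration with bind-interfaces never serves it and leaves 127.0.0.1:53 free for named.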