Hi Tong,

On Sat, 2 Jul 2016 17:07:50 +0000 (UTC), T o n g <[email protected]> wrote:
> Oh, sorry for responding late.
>
> The machine from which I run dig gets its DNS servers is the one that
> I tweaked the /etc/dnsmasq.d/public.conf file, by doing which my DNS
> breaks. And on removing the file, my DNS service (served by local
> dnsmasq) works again.
>
> And, yes, basically I'm creating an open DNS server, and since nobody
> is doing that, I can't find any information on how to set it up
> properly.

Nobody should do that indeed, because it is a very bad idea: your
machine may then serve as an amplifier for DDoS attacks.

Still, the configuration -- as far as dnsmasq is concerned -- is the
same for an open DNS and a LAN DNS. Could you please describe your setup
from a network perspective?

> Please help. Thanks
>
> On Thu, 30 Jun 2016 14:37:17 +0200, Albert ARIBAUD wrote:
>
> > Hi Tong,
> >
> > On Thu, 30 Jun 2016 12:03:07 +0000 (UTC), T o n g wrote:
> >
> >> Does no reply mean impossible, or just nobody has looked into it
> >> yet?
> >
> > It is perfectly possible to run dnsmasq as a "public" DNS, if by
> > this you mean "make it serve requests from other hosts than the one
> > it is running on", or even, "make it serve requests from any host"
> > -- although the latter is risky, as you'd basically create an open
> > DNS server.
> >
> > Now, for the reason why your tests fail, there is not enough info in
> > your post to allow diagnosing what is wrong. Notably, you do not
> > indicate how the machine from which you run dig gets its DNS
> > servers: the issue could just as well be there.
> >
> >> On Wed, 29 Jun 2016 03:28:02 +0000, T o n g wrote:
> >>
> >> > If I'm to provide DNS service to the public (outside my local
> >> > network) using dnsmasq, how to do it, e.g., how to set the
> >> > listen-address?
> >> > It didn't work out of the box after I installed
> >> > it in my Ubuntu (16.04 LTS xenial) so I changed to the
> >> > following, but it stops working:
> >> >
> >> > $ cat /etc/dnsmasq.d/public.conf
> >> > # listen to public
> >> > listen-address=0.0.0.0
> >> > # provide only DNS service and disable DHCP and TFTP on it
> >> > no-dhcp-interface=eth0
> >> >
> >> > $ dig +short docs.google.com
> >> > ;; connection timed out; no servers could be reached
> >> >
> >> > $ netstat -ulnp | grep :53
> >> > (Not all processes could be identified, non-owned process info
> >> >  will not be shown, you would have to be root to see it all.)
> >> > udp        0      0 0.0.0.0:53      0.0.0.0:*      -
> >> > udp6       0      0 :::53           :::*
> >
> > _______________________________________________
> Dnsmasq-discuss mailing list
> [email protected]
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Kind regards,
-- 
Albert.
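The open-resolver risk raised in the reply can be checked from the configuration text itself. The following is an added example, not code from the thread or from the dnsmasq project: a small audit of dnsmasq options that decide which clients are served. The function names `parse_conf` and `audit` are hypothetical, `local-service` is a dnsmasq option not mentioned in the thread, and the script only sees the text passed to it (command-line options and firewall rules are out of scope).

```python
import ipaddress
import re

# Per the dnsmasq man page, local-service only has effect when none of these is set.
SCOPING = {"interface", "except-interface", "listen-address", "auth-server"}

# The public.conf quoted in the thread.
PAGE_CONF = """\
# listen to public
listen-address=0.0.0.0
# provide only DNS service and disable DHCP and TFTP on it
no-dhcp-interface=eth0
"""

def parse_conf(text):
    """Return (option, value) pairs from dnsmasq configuration text."""
    pairs = []
    for line in text.splitlines():
        # '#' starts a comment only at line start or after whitespace,
        # so values such as server=192.0.2.1#5353 stay intact.
        line = re.sub(r"(^|\s)#.*", "", line).strip()
        if line:
            opt, _, val = line.partition("=")
            pairs.append((opt.strip(), val.strip()))
    return pairs

def audit(text):
    """Return a list of findings about who can reach the DNS service."""
    pairs = parse_conf(text)
    opts = {opt for opt, _ in pairs}
    findings = []
    for opt, val in pairs:
        if opt != "listen-address":
            continue
        for addr in val.split(","):
            try:
                ip = ipaddress.ip_address(addr.strip())
            except ValueError:
                findings.append(f"listen-address: '{addr.strip()}' is not an IP address")
                continue
            if ip.is_unspecified:
                findings.append(f"listen-address={ip}: answers on every interface")
    scoped = sorted(opts & SCOPING)
    if "local-service" in opts and scoped:
        findings.append("local-service is ignored because of: " + ", ".join(scoped))
    if "local-service" not in opts and not scoped:
        findings.append("no scoping option and no local-service: any client is served")
    return findings
```

Calling `audit(PAGE_CONF)` reports the wildcard listen address; a server that must listen that widely needs its client restriction enforced elsewhere, for example by a firewall rule on port 53.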
