I've already added listen-address=127.0.0.1 to it, as it's the host env's IP address.
bind-interfaces has to be commented out, otherwise the jails will have
problems resolving (it's a FreeBSD host-jail resolution specific thing).

Why would you want me to use except-interface=lo0? I _want_ it to listen
on lo0.

For the sake of clarity, here's my cleaned dnsmasq.conf:

domain-needed
conf-file=/usr/local/share/dnsmasq/trust-anchors.conf
dnssec
dnssec-check-unsigned
resolv-file=/usr/local/etc/dnsmasq-resolv.conf
interface=lo0
listen-address=127.0.0.1
no-dhcp-interface=lo0
local-ttl=5
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
rebind-domain-ok=/rfc-ignorant.org/sorbs.net/uribl.com/surbl.org/dnswl.org/njabl.org/spamhaus.org/spamcop.net/barracudacentral.org/

Cheers,
--
László Károlyi
http://linkedin.com/in/karolyi

On 2020-07-21 14:42, Petr Menšík wrote:
> I would check what addresses it is listening on. I think it considers
> all loopback addresses its own. Probably because it would accept queries
> to that address if you stop unbound.
>
> It might help, if you configured it with this:
> bind-interfaces
> except-interface=lo0
> listen-address=127.0.0.21
>
> It would listen only on 127.0.0.21 and consider all other addresses not
> its own. I think it should send queries there. It should then accept:
> server=127.0.0.20
> without ignoring it this way.
>
> On 7/20/20 4:35 PM, László Károlyi wrote:
>> Hi Petr,
>>
>> as you have seen in the original email, it is dnsmasq that refuses to
>> use the lo0 interface to communicate with the IP 127.0.0.20:
>>
>> Jul 20 13:33:23 ksol dnsmasq[99396]: ignoring nameserver 127.0.0.20 - local interface
>>
>> When querying manually from the host env to the jailed unbound, I get
>> proper DNS responses. This was something I did pay extra attention to
>> get it working from the get-go. See:
>>
>> Citing my configs here makes no sense as you can see it's working already.
>>
>> Cheers,
>> --
>> László Károlyi
>> http://linkedin.com/in/karolyi
>>
>> On 2020-07-20 16:12, Petr Menšík wrote:
>>> Hi László,
>>>
>>> are you sure it is dnsmasq, who is rejecting the communication?
>>> Unbound has by default disabled communication on localhost. If you have
>>> any other servers running along it, you have to use:
>>>
>>> do-not-query-localhost: no
>>>
>>> to override defaults. But that has to be done on unbound side. AFAIK
>>> dnsmasq does not have any such limitation. It does limit only
>>> per-interface, all required is to configure interface=lo, which is
>>> enabled by default.
>>>
>>> How many interface= statements do you have in configuration? Is
>>> localhost included?
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss