On Sat, Mar 30, 2024 at 4:39 AM Chris Green wrote:
>
> On Fri, Mar 29, 2024 at 03:45:20PM -0500, Chris Buechler wrote:
> >On Thu, Mar 28, 2024 at 11:40 AM Chris Green <c...@isbd.net> wrote:
> >
> > I did try stopping dnsmasq and then nothing was listening on port
> > 53.
> > However, just to prove it:-
> > root@backup:~# ss -tulpn sport = 53
> > Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
> > udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=1826,fd=4))
> > udp UNCONN 0 0 [::]:53 [::]:* users:(("dnsmasq",pid=1826,fd=6))
> > tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=1826,fd=5))
> > tcp LISTEN 0 32 [::]:53 [::]:* users:(("dnsmasq",pid=1826,fd=7))
> >
> >That's the nature of how dnsmasq binds by default. You need two config
> >lines to actually bind only to localhost:
> >listen-address=127.0.0.1
> >bind-interfaces
> >The listen-address config will make it only reply to queries to
> >localhost, but doesn't prevent wildcard binding. bind-interfaces makes
> >it bind explicitly to the listen-address. See the bind-interfaces
> >section of the man page for details.
> >https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
> >
> OK, thank you, I did read those man page entries but found it rather
> confusing! It has fixed the problem though! :-)
>
> I still don't quite understand why it seemed to work on one system but
> not on another almost identical one.
Glad that worked for you. The difference is likely either the other
system already had bind-interfaces in its config somewhere so it's not
binding wildcard, or otherwise has a host firewall blocking port 53 if
it is wildcard binding.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
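
A check for the behaviour discussed in this thread, as an added example that is not part of the original messages: the shell function below parses `ss -tulpn` output and lists every port-53 socket still bound to a wildcard address, so the effect of adding `bind-interfaces` can be verified. The `AFTER` sample (its PIDs and the avahi-daemon line) is constructed, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ss -tulpn` output on stdin and
# prints "<netid> <local addr:port> <process>" for every port-53 socket bound
# to a wildcard address (0.0.0.0, [::] or *). No output means no wildcard bind.
wildcard_dns_binds() {
    awk '
        $1 != "udp" && $1 != "tcp" { next }          # header, other socket types
        {
            port = $5; sub(/.*:/, "", port)          # text after the last colon
            host = $5; sub(/:[^:]*$/, "", host)      # text before the last colon
            if (port == "53" && (host == "0.0.0.0" || host == "[::]" || host == "*"))
                print $1, $5, ($7 == "" ? "-" : $7)  # "-" when ss ran without -p/root
        }'
}

# Sockets as posted in the thread (dnsmasq default, wildcard binding).
BEFORE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
udp   UNCONN 0      0      [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=6))
tcp   LISTEN 0      32     0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))
tcp   LISTEN 0      32     [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=7))'

# Constructed sample: the same host after adding listen-address=127.0.0.1 and
# bind-interfaces. The port-5353 line shows that only port 53 exactly is matched.
AFTER='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=2210,fd=4))
tcp   LISTEN 0      32     127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=2210,fd=5))
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=700,fd=12))'

report() {   # $1 = label, $2 = captured ss output
    hits=$(printf '%s\n' "$2" | wildcard_dns_binds)
    if [ -n "$hits" ]; then
        printf '%s: port 53 is bound to a wildcard address:\n%s\n' "$1" "$hits"
    else
        printf '%s: no wildcard bind on port 53\n' "$1"
    fi
}

report before "$BEFORE"
report after "$AFTER"
# On a live host: ss -tulpn | wildcard_dns_binds
```
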