[Bug 1414887] Re: dns query from localnetwork ignored
[Expired for dnsmasq (Ubuntu) because there has been no activity for 60 days.]

** Changed in: dnsmasq (Ubuntu)
       Status: Incomplete => Expired

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1414887

Title:
  dns query from localnetwork ignored

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1414887/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1414887] Re: dns query from localnetwork ignored
> First, as suggested by the author of dnsmasq, the `local-service` should
> be in the default configuration. However, Ubuntu 14.10 doesn't have that

What the man page exactly says is that local-service only has effect i[f] there are no --interface --except-interface, --listen-address or --auth-server options.

> Here is what I found out how dnsmasq is started in Ubuntu 14.10:
>
> /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 [...]

This is not the dnsmasq process started by the dnsmasq package. It is the local forwarding dnsmasq process started by NetworkManager.

If your complaint is that the local forwarding dnsmasq process started by NetworkManager doesn't respond to queries coming from the network then the answer is that this process is not supposed to do that.

But I don't think that this is your complaint because you said that you didn't have the problem in Ubuntu 13.10.

On my machine, the dnsmasq process started by the dnsmasq package looks like this in ps -elf output

    /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

As no --interface --except-interface, --listen-address or --auth-server option is given, the --local-service option is active.

In order to deactivate the local-service feature, I suggest you configure dnsmasq with one of the above mentioned options.

** Changed in: dnsmasq (Ubuntu)
       Status: New => Incomplete

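Added example, not part of the bug thread or of dnsmasq itself: a shell function that applies the man-page rule quoted in the message above to a dnsmasq command line (as shown by ps) plus optional config text, and reports whether `--local-service` is actually in force. The function name `classify_dnsmasq` and its output strings are hypothetical, and it does not follow `--conf-file`/`--conf-dir` includes.

```shell
#!/bin/sh
# Added example: decide whether --local-service is in force for a dnsmasq instance.
# $1 = command line as shown by ps, $2 = optional config text (dnsmasq.conf syntax).
# Token-level check only: attached short options such as "-ieth0" are not recognised.
classify_dnsmasq() (
    set -f                      # no globbing while word-splitting the command line
    has_local=no
    override=
    for tok in $1; do
        case ${tok%%=*} in
            --local-service) has_local=yes ;;
            # Options that, per the man page, make local-service have no effect
            # (-i, -I and -a are the short forms of the first three).
            --interface|--except-interface|--listen-address|--auth-server|-i|-I|-a)
                [ -n "$override" ] || override=${tok%%=*} ;;
        esac
    done
    # Config files use the long option names without the leading "--".
    while IFS= read -r line; do
        key=${line%%[#=]*}                          # drop comment and value
        key=$(printf '%s' "$key" | tr -d ' \t')     # drop surrounding blanks
        case $key in
            local-service) has_local=yes ;;
            interface|except-interface|listen-address|auth-server)
                [ -n "$override" ] || override=$key ;;
        esac
    done <<EOF
$2
EOF
    if [ -n "$override" ] && [ "$has_local" = yes ]; then
        echo "local-service ignored ($override)"
    elif [ -n "$override" ]; then
        echo "explicit binding ($override)"
    elif [ "$has_local" = yes ]; then
        echo "local-service active"
    else
        # Neither local-service nor a binding option limits who is answered.
        echo "no restriction"
    fi
)
```

Feed it one line per process from `ps -o args= -C dnsmasq`, with the contents of the relevant config files as the second argument.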
[Bug 1414887] Re: dns query from localnetwork ignored
** Summary changed:

- dns query from localnetwork are blocked
+ dns query from localnetwork ignored

[Bug 1414887] Re: dns query from localnetwork ignored
Ah, thanks Thomas. You led me to the right direction.

As Simon Kelley, the author of dnsmasq said in the new dnsmasq manpage,

`local-service` is intended to be set as a default on installation, to allow unconfigured installations to be useful... it will have no effect, but for otherwise-unconfigured installations, it stops dnsmasq from being vulnerable to DNS-reflection attacks,

I'm changing this bug report to bear the purpose to have dnsmasq better configured out of box for Ubuntu (14.10+).

- First, as suggested by the author of dnsmasq, the `local-service` should be in the default configuration. However, Ubuntu 14.10 doesn't have that:

    % cat /etc/dnsmasq.conf /etc/dnsmasq.d/network-manager | sed '/^$/d; /^#/d'
    bind-interfaces

- Second, unlike its previous version, Ubuntu 14.10 now starts dnsmasq in a very restricted way. Here is what I found out how dnsmasq is started in Ubuntu 14.10:

    /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d

I.e., that `--listen-address=127.0.1.1` will willfully ignore any dns queries from localnetwork. This is the exact reason causing the symptom that I reported.

I believe this setting should not be there, because

1. for people that need the setting, it is very easy to put it into a conf file under /etc/dnsmasq.d/;
2. however, it will make it very very difficult for people who don't need it to get rid of it unless altering the package installation.
3. Ubuntu should really ship the default setting of `local-service` instead of `listen-address`, because it is a safer default and not invasive in the meantime. It will have no effect but for an otherwise-unconfigured installation.

Please consider.

Meanwhile, is there any better way to get rid of that `--listen-address=127.0.1.1`? The least that I want is to alter the package installation.

Thanks

** Changed in: dnsmasq (Ubuntu)
       Status: Incomplete => New