Re: [Dnsmasq-discuss] FreeBSD vs. bind-interfaces and except-interface

2011-02-17 Thread Simon Kelley
Matthias Andree wrote:
> On 16.02.2011 17:41, Simon Kelley wrote:
>
>>> in that case, dnsmasq binds to 192.168.0.4 according to lsof.
>>>
>>> Is this a known issue on FreeBSD?  What means are there to resolve this
>>> so that users don't fall into this trap?
>>
>> The behavior is the same on all platforms.
>>
>> Without bind-interfaces:
>>
>> Bind INADDR_ANY, implement --interface, --address, --except-interface by
>> examining incoming packets and discarding those we shouldn't answer.
>
> Apparently there is something that doesn't work here. Either dnsmasq
> doesn't see the request, or discards it when it shouldn't.  I'm going to
> try and find out later.  There's a couple of reasons this could fail,
> but the reason is _not_ that FreeBSD 8.2 couldn't bind INADDR_ANY with
> named bound to 127.0.0.1:53 TCPv4 and ::1/53 TCPv6.

I'd expect that sequence to result in EADDRINUSE on Linux.


Simon.




Re: [Dnsmasq-discuss] FreeBSD vs. bind-interfaces and except-interface

2011-02-16 Thread Simon Kelley
Matthias Andree wrote:
> Situation:
>
> dnsmasq 2.56 supposed to answer all but loopback.  named (system default
> BIND 9.6.3, FreeBSD 8.2-PRERELEASE amd64) is bound to 127.0.0.1 and ::1
> port 53, confirmed with lsof.  dnsmasq config is as follows:
>
> domain-needed
> bogus-priv
> no-resolv
> no-poll
> server=127.0.0.1
> except-interface=lo0
> expand-hosts
> domain=example.org  # real address here
> log-queries
>
> $ ifconfig lo0
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>   options=3<RXCSUM,TXCSUM>
>   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>   inet6 ::1 prefixlen 128
>   inet 127.0.0.1 netmask 0xff00
>   nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
>
> This does not work at all (dnsmasq binds to INADDR_ANY), queries to the
> local IP address (192.168.0.4) time out.
>
> I need to add bind-interfaces to the configuration so that things work -
> in that case, dnsmasq binds to 192.168.0.4 according to lsof.
>
>
> Is this a known issue on FreeBSD?  What means are there to resolve this
> so that users don't fall into this trap?
>

The behavior is the same on all platforms.

Without bind-interfaces:

Bind INADDR_ANY, implement --interface, --address, --except-interface by
examining incoming packets and discarding those we shouldn't answer.
Changes to interfaces (up, down, change address) are not a problem.
Specifying an interface which doesn't exist is just a warning. Binding
other servers to the same port doesn't work.

With bind-interfaces:

Enumerate the existing interfaces and their addresses at start up, bind
interface addresses according to --interface, --address,
--except-interface. Can fail if a specified interface doesn't exist,
interfaces which don't exist at startup will never be bound. Binding
other servers to the same port works.


Pick your poison, neither are ideal.

Cheers,

Simon.
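
The port-sharing difference between the two modes described in this message, as an added example that is not part of the original thread and is not dnsmasq's code: one socket holds a loopback address and port (as named does here), then a second socket tries the wildcard address (no bind-interfaces) or a specific address (bind-interfaces) on the same port. Assumptions: UDP over IPv4, no SO_REUSEADDR or SO_REUSEPORT, hypothetical function names, and 127.0.0.2 as a constructed stand-in for the LAN address; the wildcard result depends on the operating system, and on Linux it is EADDRINUSE.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to addr:*port (port 0 = kernel picks one, written back).
   No SO_REUSEADDR/SO_REUSEPORT is set. Returns 0 with *fd open, else errno. */
static int bind_udp(const char *addr, unsigned short *port, int *fd)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof sa;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(*port);
    if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1) return EINVAL;
    if ((*fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return errno;
    if (bind(*fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        getsockname(*fd, (struct sockaddr *)&sa, &len) == 0) {
        *port = ntohs(sa.sin_port);
        return 0;
    }
    int e = errno;          /* save before close() can overwrite it */
    close(*fd);
    return e;
}

/* Hold held_addr on a fresh port (the other server, e.g. named on 127.0.0.1),
   then bind new_addr to the same port. Returns that bind's errno, 0 = success. */
int second_bind_result(const char *held_addr, const char *new_addr)
{
    unsigned short port = 0;
    int first, second, rc;
    if (bind_udp(held_addr, &port, &first) != 0)
        return -1;          /* scenario could not be set up */
    if ((rc = bind_udp(new_addr, &port, &second)) == 0)
        close(second);
    close(first);
    return rc;
}

int main(void)
{
    /* 127.0.0.2 is a constructed stand-in for the LAN address in the thread. */
    printf("wildcard: errno %d\n", second_bind_result("127.0.0.1", "0.0.0.0"));
    printf("specific: errno %d\n", second_bind_result("127.0.0.1", "127.0.0.2"));
    return 0;
}
```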






Re: [Dnsmasq-discuss] FreeBSD vs. bind-interfaces and except-interface

2011-02-16 Thread Matthias Andree
On 16.02.2011 17:41, Simon Kelley wrote:

>> in that case, dnsmasq binds to 192.168.0.4 according to lsof.
>>
>> Is this a known issue on FreeBSD?  What means are there to resolve this
>> so that users don't fall into this trap?
>
> The behavior is the same on all platforms.
>
> Without bind-interfaces:
>
> Bind INADDR_ANY, implement --interface, --address, --except-interface by
> examining incoming packets and discarding those we shouldn't answer.

Apparently there is something that doesn't work here. Either dnsmasq
doesn't see the request, or discards it when it shouldn't.  I'm going to
try and find out later.  There's a couple of reasons this could fail,
but the reason is _not_ that FreeBSD 8.2 couldn't bind INADDR_ANY with
named bound to 127.0.0.1:53 TCPv4 and ::1/53 TCPv6.

-- 
Matthias Andree