I received a similar diff from Angelos a while back, though I turned it down on the grounds that rebound wasn't ready to be a recursive resolver. But I think we're in better shape now.
This adds a -l address option to specify the listening address, turning rebound into a lightweight partial replacement for unbound for a small network. It's barely any more code, just changing the bind address. Motivated to revisit this because unbound pooped itself again recently. Maybe I'm just unlucky, but I have trouble with certain queries getting stuck in a blackhole. I'd fix that problem, but I'm incapable of understanding programs larger than 1000 lines of C. Index: rebound.8 =================================================================== RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v retrieving revision 1.6 diff -u -p -r1.6 rebound.8 --- rebound.8 7 Oct 2016 21:03:06 -0000 1.6 +++ rebound.8 3 Jul 2017 03:26:08 -0000 @@ -23,6 +23,7 @@ .Nm rebound .Op Fl d .Op Fl c Ar config +.Op Fl l Ar address .Sh DESCRIPTION The .Nm @@ -49,6 +50,10 @@ Debug mode. does not .Xr fork 2 into the background. +.It Fl l Ar address +Listen for connections by binding to +.Ar address , +an IP specified in dotted quad notation, instead of the default of localhost. .El .Sh FILES .Bl -tag -width "/etc/resolv.confXX" -compact Index: rebound.c =================================================================== RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v retrieving revision 1.84 diff -u -p -r1.84 rebound.c --- rebound.c 31 May 2017 04:52:11 -0000 1.84 +++ rebound.c 3 Jul 2017 03:26:26 -0000 @@ -896,7 +896,7 @@ resetport(void) static void __dead usage(void) { - fprintf(stderr, "usage: rebound [-d] [-c config]\n"); + fprintf(stderr, "usage: rebound [-d] [-c config] [-l address]\n"); exit(1); } @@ -909,6 +909,7 @@ main(int argc, char **argv) int ld, ld6, ud, ud6, ch; int one = 1; const char *confname = "/etc/resolv.conf"; + const char *bindname = "127.0.0.1"; tzset(); openlog("rebound", LOG_PID | LOG_NDELAY, LOG_DAEMON); @@ -916,7 +917,7 @@ main(int argc, char **argv) signal(SIGPIPE, SIG_IGN); signal(SIGUSR1, SIG_IGN); - while ((ch = getopt(argc, argv, "c:dW")) != -1) { + while ((ch = getopt(argc, argv, "c:dl:W")) != -1) { switch (ch) { case 'c': confname = optarg; @@ -924,6 +925,10 @@ main(int argc, char **argv) case 'd': debug = 1; break; + case 'l': + bindname = optarg; + jackport = 0; + break; case 'W': daemonized = 1; /* parent responsible for setting up fds */ @@ -945,8 +950,8 @@ main(int argc, char **argv) memset(&bindaddr, 0, sizeof(bindaddr)); bindaddr.i.sin_len = sizeof(bindaddr.i); bindaddr.i.sin_family = AF_INET; - bindaddr.i.sin_port = htons(jackport); - inet_aton("127.0.0.1", &bindaddr.i.sin_addr); + bindaddr.i.sin_port = htons(jackport ? jackport : 53); + inet_aton(bindname, &bindaddr.i.sin_addr); ud = socket(AF_INET, SOCK_DGRAM, 0); if (ud == -1) @@ -966,7 +971,7 @@ main(int argc, char **argv) memset(&bindaddr, 0, sizeof(bindaddr)); bindaddr.i6.sin6_len = sizeof(bindaddr.i6); bindaddr.i6.sin6_family = AF_INET6; - bindaddr.i6.sin6_port = htons(jackport); + bindaddr.i6.sin6_port = htons(jackport ? jackport : 53); bindaddr.i6.sin6_addr = in6addr_loopback; ud6 = socket(AF_INET6, SOCK_DGRAM, 0); @@ -984,8 +989,10 @@ main(int argc, char **argv) if (listen(ld6, 10) == -1) logerr("listen: %s", strerror(errno)); - atexit(resetport); - sysctl(dnsjacking, 2, NULL, NULL, &jackport, sizeof(jackport)); + if (jackport) { + atexit(resetport); + sysctl(dnsjacking, 2, NULL, NULL, &jackport, sizeof(jackport)); + } if (debug) { int conffd = openconfig(confname, -1);