[opensuse] dnsmasq - listens on all addresses despite config?
I have this config: # grep ^[a-zA-Z] /etc/dnsmasq.conf domain-needed no-resolv user=dnsmasq group=nogroup listen-address=127.0.0.1 conf-dir=/etc/dnsmasq.d/,*.conf Shouldn't this be enough to make dnsmasq listen only on 127.0.0.1 ? Yet what I see is this: # ss -ltn State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 5 0.0.0.0:873 0.0.0.0:* LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* LISTEN 0 32 0.0.0.0:53 0.0.0.0:* LISTEN 0 100 127.0.0.1:25 0.0.0.0:* LISTEN 0 128 0.0.0.0:31577 0.0.0.0:* LISTEN 0 5 [::]:873 [::]:* LISTEN 0 32 [::]:53 [::]:* LISTEN 0 100 [::1]:25 [::]:* LISTEN 0 128 [::]:31577 [::]:* -- Per Jessen, Zürich (8.5°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
I have this config:
# grep ^[a-zA-Z] /etc/dnsmasq.conf domain-needed no-resolv user=dnsmasq group=nogroup listen-address=127.0.0.1 conf-dir=/etc/dnsmasq.d/,*.conf
Shouldn't this be enough to make dnsmasq listen only on 127.0.0.1 ?
Ignore this, turns out I can't use dnsmasq for this setup anyway. -- Per Jessen, Zürich (9.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Thu, 16 May 2019, Per Jessen wrote:
I have this config:
# grep ^[a-zA-Z] /etc/dnsmasq.conf domain-needed no-resolv user=dnsmasq group=nogroup listen-address=127.0.0.1 conf-dir=/etc/dnsmasq.d/,*.conf
Shouldn't this be enough to make dnsmasq listen only on 127.0.0.1 ?
==== # On systems which support it, dnsmasq binds the wildcard address, # even when it is listening on only some interfaces. It then discards # requests that it shouldn't reply to. This has the advantage of # working even when interfaces come and go and change address. If you # want dnsmasq to really bind only the interfaces it is listening on, # uncomment this option. About the only time you may need this is when # running another nameserver on the same machine. bind-interfaces ==== JFTR, HTH, -dnh -- Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec [from the fortune file] -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
David Haller wrote:
Hello,
On Thu, 16 May 2019, Per Jessen wrote:
I have this config:
# grep ^[a-zA-Z] /etc/dnsmasq.conf domain-needed no-resolv user=dnsmasq group=nogroup listen-address=127.0.0.1 conf-dir=/etc/dnsmasq.d/,*.conf
Shouldn't this be enough to make dnsmasq listen only on 127.0.0.1 ?
==== # On systems which support it, dnsmasq binds the wildcard address, # even when it is listening on only some interfaces. It then discards # requests that it shouldn't reply to. This has the advantage of # working even when interfaces come and go and change address. If you # want dnsmasq to really bind only the interfaces it is listening on, # uncomment this option. About the only time you may need this is when # running another nameserver on the same machine. bind-interfaces ====
Thanks for digging that out, David, I wouldnt have thought to look for something like that. -- Per Jessen, Zürich (15.2°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
David Haller -
Per Jessen