On Thu, Mar 28, 2024 at 11:40 AM Chris Green <c...@isbd.net> wrote:
>
> I did try stopping dnsmasq and then nothing was listening on port 53.
> However, just to prove it:-
>
> root@backup:~# ss -tulpn sport = 53
>
> Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
> udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
> udp   UNCONN 0      0      [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=6))
> tcp   LISTEN 0      32     0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))
> tcp   LISTEN 0      32     [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=7))
>

That's the nature of how dnsmasq binds by default. You need two config
lines to actually bind only to localhost:

listen-address=127.0.0.1
bind-interfaces

The listen-address config will make it only reply to queries to
localhost, but doesn't prevent wildcard binding. bind-interfaces makes
it bind explicitly to the listen-address. See the bind-interfaces
section of the man page for details.

https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
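
A check for the wildcard binding discussed in the message above, as an added example that is not part of the original thread or of dnsmasq itself. The function name and both sample listings are constructed here: the first reuses the sockets quoted in the message, the second is an assumed listing after applying listen-address=127.0.0.1 with bind-interfaces.

```sh
#!/bin/sh
# Added example: flag port-53 sockets bound to a wildcard address.

# Reads `ss -tulpn` output on stdin and prints "<proto> <local> <last column>"
# for every socket on port 53 whose local address is 0.0.0.0, [::] or *.
# The last column is the process field when ss is run as root.
wildcard_dns_listeners() {
    awk '
        $1 == "Netid" { next }                  # skip the header row
        NF < 5        { next }                  # skip blank or short lines
        {
            local_addr = $5
            n = split(local_addr, parts, ":")
            port = parts[n]                     # text after the last colon
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (port != "53") next
            if (host == "0.0.0.0" || host == "[::]" || host == "*")
                print $1, local_addr, $NF
        }'
}

# Constructed sample: the sockets from the message, one per line.
SS_DEFAULT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
udp   UNCONN 0      0      [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=6))
tcp   LISTEN 0      32     0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))
tcp   LISTEN 0      32     [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=7))'

# Constructed sample (assumption): listing once dnsmasq binds only to 127.0.0.1.
SS_BOUND='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
tcp   LISTEN 0      32     127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))'

printf '%s\n' "$SS_DEFAULT" | wildcard_dns_listeners   # prints four wildcard sockets
printf '%s\n' "$SS_BOUND"   | wildcard_dns_listeners   # prints nothing
```

On a live host the same function can be fed directly: `ss -tulpn | wildcard_dns_listeners`.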