On Sat, Mar 30, 2024 at 4:39 AM Chris Green <c...@isbd.net> wrote:
>
> On Fri, Mar 29, 2024 at 03:45:20PM -0500, Chris Buechler wrote:
> >    On Thu, Mar 28, 2024 at 11:40 AM Chris Green <c...@isbd.net> wrote:
> >
> >      I did try stopping dnsmasq and then nothing was listening on port 53.
> >      However, just to prove it:-
> >      root@backup:~# ss -tulpn sport = 53
> >      Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
> >      udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
> >      udp   UNCONN 0      0      [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=6))
> >      tcp   LISTEN 0      32     0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))
> >      tcp   LISTEN 0      32     [::]:53            [::]:*            users:(("dnsmasq",pid=1826,fd=7))
> >
> >    That's the nature of how dnsmasq binds by default. You need two config
> >    lines to actually bind only to localhost:
> >    listen-address=127.0.0.1
> >    bind-interfaces
> >    The listen-address config will make it only reply to queries to
> >    localhost, but doesn't prevent wildcard binding. bind-interfaces makes
> >    it bind explicitly to the listen-address. See the bind-interfaces
> >    section of the man page for details.
> >    https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
> >
> OK, thank you, I did read those man page entries but found it rather
> confusing! It has fixed the problem though! :-)
>
> I still don't quite understand why it seemed to work on one system but
> not on another almost identical one.

Glad that worked for you. The difference is likely either the other system
already had bind-interfaces in its config somewhere so it's not binding
wildcard, or otherwise has a host firewall blocking port 53 if it is wildcard
binding.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
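
Added example (not part of the original thread and not dnsmasq project code): a shell check for the situation discussed above. It reports port-53 sockets that are still bound to a wildcard address and whether a config pairs listen-address with bind-interfaces. The function names and the sample input are constructed for illustration, and included config files are not followed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read `ss -tulpn sport = 53` output on stdin and print
# "proto local-address process" for every port-53 socket bound to a wildcard.
wildcard_dns_listeners() {
    awk '$5 == "0.0.0.0:53" || $5 == "[::]:53" || $5 == "*:53" {
        proc = "unknown"                       # ss hides users:(...) without root
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        print $1, $5, proc
    }'
}

# Read a dnsmasq config on stdin and print how it will bind:
#   explicit           bind-interfaces is set
#   wildcard-filtered  listen-address only: wildcard bind, other queries ignored
#   wildcard           neither option is set
# Assumption: a single file; included config files are not followed.
dnsmasq_bind_mode() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }  # drop comments and whitespace
        /^listen-address=/      { listen = 1 }
        $0 == "bind-interfaces" { bind = 1 }
        END {
            if (bind)        print "explicit"
            else if (listen) print "wildcard-filtered"
            else             print "wildcard"
        }'
}

# Constructed sample input: ss output in the shape shown in the thread, and a
# config that sets listen-address but has bind-interfaces commented out.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=4))
tcp   LISTEN 0      32     127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=1826,fd=5))'
SAMPLE_CONF='listen-address=127.0.0.1
# bind-interfaces'

printf '%s\n' "$SAMPLE_SS" | wildcard_dns_listeners   # udp 0.0.0.0:53 dnsmasq
printf '%s\n' "$SAMPLE_CONF" | dnsmasq_bind_mode      # wildcard-filtered
```

On a live host, pipe the `ss -tulpn sport = 53` command from the thread into wildcard_dns_listeners and feed the dnsmasq config file to dnsmasq_bind_mode on stdin.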