OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: xofer on November 24, 2020, 01:16:39 pm

Title: Make dnsmasq NOT listen to localhost and ipv6
Post by: xofer on November 24, 2020, 01:16:39 pm
Hi,

for reasons I would rather not go into at the moment, I would like to bind dnsmasq to specific interfaces. However, no matter what I do, according to netstat it binds additionally to:
udp6       0      0 ::1.53
udp4       0      0 127.0.0.1.53

I have selected two interfaces on my system and enabled Strict Interface Binding, which says: "If this option is set, Dnsmasq will only bind to the interfaces containing the IP addresses selected above, rather than binding to all interfaces and discarding queries to other addresses. This option does not work with IPv6. If set, Dnsmasq will not bind to IPv6 addresses."
Title: Re: Make dnsmasq NOT listen to localhost and ipv6
Post by: Fright on November 24, 2020, 06:26:35 pm
dnsmasq.inc automatically adds --listen-address args with loopback addresses to the dnsmasq string.
And somehow --except-interface=lo0 is not working to manually exclude loopbacks.
If you really need dnsmasq not to bind to loopback, you can comment out this string in dnsmasq.inc
Code:
$interfaces[] = 'lo0';
Title: Re: Make dnsmasq NOT listen to localhost and ipv6
Post by: xofer on November 25, 2020, 10:19:22 am
Thanks, I'll try that.
But the udp6 wildcard part? Any idea? The OPNsense GUI help text is misleading to say the least.
Title: Re: Make dnsmasq NOT listen to localhost and ipv6
Post by: Fright on November 25, 2020, 10:36:37 am
It's the IPv6 loopback.
Same story - "$interfaces[] = 'lo0'" adds all lo0 IPs: v4 and v6
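
One way to check the result after editing dnsmasq.inc, as an added example that is not part of the thread or of OPNsense: it parses FreeBSD-style `netstat -an` output (local address written as `addr.port`, as in the first post) and lists port 53 sockets bound outside an allowlist. The sample output, the address 192.168.1.1, the function names and the rule that a `%lo...` scope means a loopback interface are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in FreeBSD `netstat -an` layout (not output from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.1.1.53         *.*                    LISTEN
tcp4       0      0 192.168.1.1.22         192.168.1.50.51514     ESTABLISHED
udp4       0      0 192.168.1.1.53         *.*
udp4       0      0 127.0.0.1.53           *.*
udp6       0      0 ::1.53                 *.*
udp6       0      0 fe80::1%lo0.53         *.*
udp4       0      0 *.123                  *.*
"""

def dns_binds(netstat_text, port="53"):
    """Return (proto, local_addr) for sockets bound to `port`."""
    binds = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or not cols[0].startswith(("udp", "tcp")):
            continue  # header or unrelated line
        # For TCP, count only listening sockets, not established sessions.
        if cols[0].startswith("tcp") and (len(cols) < 6 or cols[5] != "LISTEN"):
            continue
        # FreeBSD prints "addr.port"; the port follows the last dot, so
        # "::1.53" and "fe80::1%lo0.53" split correctly too.
        addr, _, local_port = cols[3].rpartition(".")
        if local_port == port:
            binds.append((cols[0], addr))
    return binds

def classify(addr):
    """Label an address as wildcard, loopback or other."""
    if addr == "*":
        return "wildcard"
    ip_text, _, scope = addr.partition("%")
    ip = ipaddress.ip_address(ip_text)
    # Assumption: a scope id starting with "lo" (e.g. lo0) is a loopback interface.
    return "loopback" if ip.is_loopback or scope.startswith("lo") else "other"

def unexpected(netstat_text, allowed):
    """List port 53 binds whose local address is not in `allowed`."""
    return [(proto, addr, classify(addr))
            for proto, addr in dns_binds(netstat_text) if addr not in allowed]

if __name__ == "__main__":
    for row in unexpected(SAMPLE, {"192.168.1.1"}):
        print(*row)
```

On a live system the text would come from `netstat -an` instead of `SAMPLE`, and the allowlist would hold the addresses of the interfaces selected in the GUI.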