18.7 R1 and R2 dnsmasq problem

Started by agh1701, July 19, 2018, 07:14:40 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 19, 2018, 07:14:40 PM
dnsmasq is missing localhost, all interfaces to bind to.  Only LAN and WAN are available.  the default LAN binding seems to be ALL.  This prevents packages such as dnscrypt from working as it needs to be bound to 127.0.0.2.  dnscrypt will not bind because dnsmasq is already bound.

For now I switched to unbound which I can set the interface binding correctly.
July 19, 2018, 09:44:36 PM #1
Not sure I understand completely, but there was a similar problem reported:

https://github.com/opnsense/core/issues/2562

We'll have Dnsmasq bind to loopback addresses in either case now. resolv.conf did not cope correctly.


Cheers,
Franco
July 19, 2018, 10:41:56 PM #2
Simply put,  dnsmasq now binds to all local loopback address 127.0.0.1, 127.0.0.2 ... etc.  in 18.1 you could select only bind to localhost or loopback 127.0.0.1.  the problem is that it is binding to all loopback addresses.

we must have the ability to bind to LAN and only localhost 127.0.0.1.  If that's what the patch does than cool.
July 20, 2018, 12:34:18 AM #3
Ok, I think I understand. Still, "all" was always binding all addresses. The only thing that changes is we lost "loopback", but you can retain this by selecting "LAN" or whatever, just not "all".

You can try the patch easily using this command:

# opnsense-patch 188b098


Cheers,
Franco
July 20, 2018, 03:21:09 PM #4
That is the problem LAN behaves as ALL.  It is also binding to any additional localhost virtual IP's defined.

I have not tried the patch yet.  tiring to find time.
July 20, 2018, 03:48:26 PM #5
No dice on the patch.  the LAN option is still binding to all localhosts.
July 20, 2018, 04:27:20 PM #6
> the LAN option is still binding to all localhosts.

There seems to be omitted context here. What is your lo0 ifconfig output? Are you manipulating lo0 addresses?


Cheers,
Franco
July 20, 2018, 05:31:23 PM #7 Last Edit: July 20, 2018, 05:34:46 PM by agh1701
Code Select
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo

The problem is dnsmasq is also binding to 127.0.0.2

127.0.0.2 is defined as an Virtual IP:
Mode: IP Alias
Interface: Localhost
address: 127.0.0.2

This was done to have dnscrypt-proxy bind to 127.0.0.2.  however, dnsmasq binds to it first and I can not stop it.
Under 18.1 I was able to control binding by check marking LAN and Localhost(not check marking ALL) and checking strict interface binding.  this prevented dnsmasq from binding to 127.0.0.2.
There is no longer a Localhost to select so the only check markable option is LAN.  it seems like LAN is acting as ALL

July 23, 2018, 09:06:06 AM #8
Ok, listen, Dnsmasq will *always* be using localhost no matter which setting, but in 18.7 it will not use any other IPv4 than 127.0.0.1. You need to set it to LAN in order to achieve this. We still need 127.0.0.1 for local resolving.


Cheers,
Franco
July 23, 2018, 03:30:25 PM #9
Yes, I agree.  how do I stop it from binding to 127.0.0.2 like I was able to in 18.1.  also keep in mid that I am able to configure unbound to not use 127.0.0.2
July 24, 2018, 08:06:42 AM #10
It will be fixed in 18.7 next week.


Cheers,
Franco
July 24, 2018, 06:41:01 PM #11
Thanks Franco!
Print
Go Up Pages1
User actions