OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • 18.7 R1 and R2 dnsmasq problem
« previous next »
  • Print
Pages: [1]

Author Topic: 18.7 R1 and R2 dnsmasq problem  (Read 6239 times)

agh1701

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 2
    • View Profile
18.7 R1 and R2 dnsmasq problem
« on: July 19, 2018, 07:14:40 pm »
dnsmasq is missing localhost, all interfaces to bind to.  Only LAN and WAN are available.  the default LAN binding seems to be ALL.  This prevents packages such as dnscrypt from working as it needs to be bound to 127.0.0.2.  dnscrypt will not bind because dnsmasq is already bound.

For now I switched to unbound which I can set the interface binding correctly.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 15589
  • Karma: 1348
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #1 on: July 19, 2018, 09:44:36 pm »
Not sure I understand completely, but there was a similar problem reported:

https://github.com/opnsense/core/issues/2562

We'll have Dnsmasq bind to loopback addresses in either case now. resolv.conf did not cope correctly.


Cheers,
Franco
Logged

agh1701

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 2
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #2 on: July 19, 2018, 10:41:56 pm »
Simply put,  dnsmasq now binds to all local loopback address 127.0.0.1, 127.0.0.2 ... etc.  in 18.1 you could select only bind to localhost or loopback 127.0.0.1.  the problem is that it is binding to all loopback addresses.

we must have the ability to bind to LAN and only localhost 127.0.0.1.  If that's what the patch does than cool.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 15589
  • Karma: 1348
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #3 on: July 20, 2018, 12:34:18 am »
Ok, I think I understand. Still, "all" was always binding all addresses. The only thing that changes is we lost "loopback", but you can retain this by selecting "LAN" or whatever, just not "all".

You can try the patch easily using this command:

# opnsense-patch 188b098


Cheers,
Franco
Logged

agh1701

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 2
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #4 on: July 20, 2018, 03:21:09 pm »
That is the problem LAN behaves as ALL.  It is also binding to any additional localhost virtual IP's defined.

I have not tried the patch yet.  tiring to find time.
Logged

agh1701

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 2
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #5 on: July 20, 2018, 03:48:26 pm »
No dice on the patch.  the LAN option is still binding to all localhosts.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 15589
  • Karma: 1348
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #6 on: July 20, 2018, 04:27:20 pm »
> the LAN option is still binding to all localhosts.

There seems to be omitted context here. What is your lo0 ifconfig output? Are you manipulating lo0 addresses?


Cheers,
Franco
Logged

agh1701

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 2
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #7 on: July 20, 2018, 05:31:23 pm »
Code: [Select]
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo

The problem is dnsmasq is also binding to 127.0.0.2

127.0.0.2 is defined as an Virtual IP:
Mode: IP Alias
Interface: Localhost
address: 127.0.0.2

This was done to have dnscrypt-proxy bind to 127.0.0.2.  however, dnsmasq binds to it first and I can not stop it.
Under 18.1 I was able to control binding by check marking LAN and Localhost(not check marking ALL) and checking strict interface binding.  this prevented dnsmasq from binding to 127.0.0.2.
There is no longer a Localhost to select so the only check markable option is LAN.  it seems like LAN is acting as ALL

« Last Edit: July 20, 2018, 05:34:46 pm by agh1701 »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 15589
  • Karma: 1348
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #8 on: July 23, 2018, 09:06:06 am »
Ok, listen, Dnsmasq will *always* be using localhost no matter which setting, but in 18.7 it will not use any other IPv4 than 127.0.0.1. You need to set it to LAN in order to achieve this. We still need 127.0.0.1 for local resolving.


Cheers,
Franco
Logged

agh1701

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 2
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #9 on: July 23, 2018, 03:30:25 pm »
Yes, I agree.  how do I stop it from binding to 127.0.0.2 like I was able to in 18.1.  also keep in mid that I am able to configure unbound to not use 127.0.0.2
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 15589
  • Karma: 1348
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #10 on: July 24, 2018, 08:06:42 am »
It will be fixed in 18.7 next week.


Cheers,
Franco
Logged

agh1701

  • Jr. Member
  • **
  • Posts: 74
  • Karma: 2
    • View Profile
Re: 18.7 R1 and R2 dnsmasq problem
« Reply #11 on: July 24, 2018, 06:41:01 pm »
Thanks Franco!
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • 18.7 R1 and R2 dnsmasq problem
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2