Discussion:
[Dnsmasq-discuss] dnsmasq on FreeBSD not listening on specified interfaces
Jason Mann
2017-09-21 11:19:59 UTC
Hi list.

I'm running dnsmasq 2.77 on FreeBSD-11.1-RELEASE. dnsmasq was installed
from FreeBSD's package repository.

It's running on a gateway host with two Intel interfaces, originally named
igb0 and igb1 by the kernel. I've made use of FreeBSD's interface renaming
feature to rename these 'lan' and 'wan'. I've also created a lan.129 vlan
interface.

# ifconfig -l
lan wan lo0 pflog0 lan.129

I have tried to configure dnsmasq to listen only on 'lan' and 'lan.129'
(plus the implicit 'lo0') with the following directives:

interface=lan
interface=lan.129

However, after a restart, dnsmasq is still listening on all interfaces (*)

# sockstat -l | grep "USER\|dnsmasq"
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   dnsmasq    43007 4  udp4   *:67                  *:*
nobody   dnsmasq    43007 8  udp4   *:53                  *:*
nobody   dnsmasq    43007 9  tcp4   *:53                  *:*
nobody   dnsmasq    43007 10 udp6   *:53                  *:*
nobody   dnsmasq    43007 11 tcp6   *:53                  *:*

I also tried 'except-interface=wan', with the same result.

I can try setting the interfaces back to their original names, but that
will be service disrupting for my users. Before I try that can anyone
suggest what might be wrong here?

Kind regards,

Jason
Chris Novakovic
2017-09-21 12:55:26 UTC
Post by Jason Mann
I have tried to configure dnsmasq to listen only on 'lan' and 'lan.129'
interface=lan
interface=lan.129
However, after a restart, dnsmasq is still listening on all interfaces (*)

-z, --bind-interfaces
On systems which support it, dnsmasq binds the wildcard address, even when it is listening on only some interfaces. It then discards requests that it shouldn't reply to. This has the advantage of working even when interfaces come and go and change address. This option forces dnsmasq to really bind only the interfaces it is listening on. About the only time when this is useful is when running another nameserver (or another instance of dnsmasq) on the same machine. Setting this option also enables multiple instances of dnsmasq which provide DHCP service to run in the same machine.

Try adding "bind-interfaces" to your configuration. (The man page also
describes a "bind-dynamic" option, but this won't work under FreeBSD.)
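
A way to audit the difference the man page excerpt describes, added here as an example and not part of the original thread: the function reads `sockstat -l` output and reports DNS sockets still bound to the wildcard address. The function and sample names are hypothetical, and the "after" listing and its addresses are constructed for illustration.

```shell
#!/bin/sh
# wildcard_listeners CMD PORT
# Reads `sockstat -l` output on stdin. Prints "PROTO LOCAL" for every socket
# owned by CMD on PORT whose local address is the wildcard (*).
# Returns 1 if any such socket exists, 0 otherwise.
wildcard_listeners() {
    awk -v cmd="$1" -v port="$2" '
        $2 == cmd {
            addr = $6
            n = split(addr, parts, ":")      # port follows the last colon
            p = parts[n]
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p == port && host == "*") { print $5, addr; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Listing as posted in the thread (interface= set, no bind-interfaces).
before_sample() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   dnsmasq    43007 4  udp4   *:67                  *:*
nobody   dnsmasq    43007 8  udp4   *:53                  *:*
nobody   dnsmasq    43007 9  tcp4   *:53                  *:*
nobody   dnsmasq    43007 10 udp6   *:53                  *:*
nobody   dnsmasq    43007 11 tcp6   *:53                  *:*
EOF
}

# Constructed listing (DNS sockets only) of per-address binds, with
# made-up PID and addresses, as a stand-in for a host using bind-interfaces.
after_sample() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   dnsmasq    51234 4  udp4   192.168.1.1:53        *:*
nobody   dnsmasq    51234 5  tcp4   192.168.1.1:53        *:*
nobody   dnsmasq    51234 6  udp4   192.168.129.1:53      *:*
nobody   dnsmasq    51234 7  tcp4   192.168.129.1:53      *:*
nobody   dnsmasq    51234 8  udp4   127.0.0.1:53          *:*
nobody   dnsmasq    51234 9  tcp6   ::1:53                *:*
EOF
}

echo "thread listing:";      before_sample | wildcard_listeners dnsmasq 53 || echo "-> wildcard DNS sockets present"
echo "constructed listing:"; after_sample  | wildcard_listeners dnsmasq 53 && echo "-> no wildcard DNS sockets"
```

On a live host the same check is `sockstat -l | wildcard_listeners dnsmasq 53`.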
Jason Mann
2017-09-21 13:11:31 UTC
Thanks, that did the job.

Apologies for not reading the man page more carefully.