dnsmasq 2.69 sudden timeouts
Yesterday I upgraded from dnsmasq 2.68 to dnsmasq 2.69. After that, all DNS queries were resulting in a timeout.
I used Nmap to check if port 53 wasn’t blocked, but this was not the case. Also netstat -a was showing dnsmasq listening on all interfaces. All I could find in the log was the following message:
Ignoring query from non-local network
After I was sure port 53 wasn’t blocked and dnsmasq was listening on all interfaces properly, I decided to take a look at dnsmasq’s changelog:
Add --local-service. Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. This option only has effect if there are no --interface --except-interface, --listen-address or --auth-server options. It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks.
Apparently dnsmasq isn’t accepting queries from any other host than itself by default anymore. I solved this issue by adding a few listen-address entries in my configuration file.
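The rule in the changelog entry can be modelled in a few lines. This is an added example, not code from the post or from the dnsmasq project. It assumes the options appear as configuration-file lines (long option names without the leading --), and the configuration text, interface addresses and client addresses are constructed samples.

```python
import ipaddress

# Options that, per the changelog entry, switch local-service off when present.
OVERRIDES = {"interface", "except-interface", "listen-address", "auth-server"}

def option_names(conf_text):
    """Option names in dnsmasq.conf-style text (long names, no leading --)."""
    names = set()
    for line in conf_text.splitlines():
        line = line.strip()
        # Only whole-line comments: '#' inside a value can be a port separator.
        if line and not line.startswith("#"):
            names.add(line.partition("=")[0].strip())
    return names

def local_service_active(conf_text):
    """True when local-service is set and no overriding option is present."""
    names = option_names(conf_text)
    return "local-service" in names and not (names & OVERRIDES)

def query_verdict(conf_text, interface_cidrs, source_ip):
    """Model only the local-service check for one query source address."""
    if not local_service_active(conf_text):
        return "not filtered by local-service"
    src = ipaddress.ip_address(source_ip)
    for cidr in interface_cidrs:
        net = ipaddress.ip_interface(cidr).network
        if src.version == net.version and src in net:
            return "accepted: source is on a local subnet"
    return "ignored: non-local network"

# Constructed sample data (not taken from the post).
IFACES = ["127.0.0.1/8", "192.168.1.1/24"]
DEFAULT_CONF = "# packaged default\nlocal-service\n"
FIXED_CONF = DEFAULT_CONF + "listen-address=127.0.0.1\nlisten-address=192.168.1.1\n"

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("with listen-address", FIXED_CONF)):
        for src in ("192.168.1.50", "10.8.0.5"):
            print(f"{label:20} {src:14} {query_verdict(conf, IFACES, src)}")
```

With a listen-address line present, the local-service filter no longer applies, so the protection against DNS amplification that the changelog describes has to come from elsewhere, such as a firewall rule limiting who can reach port 53.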