Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 02:08:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce new --local-service=host parameter

Browse Source 
Similar to local-service, but more strict. Listen only on localhost
unless other interface is specified. Has no effect when interface is
provided explicitly. I had multiple bugs fillen on Fedora, because I have
changed default configuration to:

interface=lo
bind-interfaces

People just adding configuration parts to /etc/dnsmasq.d or appending to
existing configuration often fail to see some defaults are already there.
Give them auto-ignored configuration as smart default.

Signed-off-by: Petr Menšík <pemensik@redhat.com>

Do not add a new parameter on command line. Instead add just parameter
for behaviour modification of existing local-service option. Now it
accepts two optional values:
- net: exactly the same as before
- host: bind only to lo interface, do not listen on any other addresses
  than loopback.
This commit is contained in:
Petr Menšík
2021-10-05 13:46:51 +02:00
committed by Simon Kelley
parent 63ba726e1f
commit 2748d4e901
4 changed files with 42 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
man/dnsmasq.8
View File

@@ -270,14 +270,16 @@ the address dnsmasq is listening on. When an interface is specified,
it may be qualified with "/4" or "/6" to specify only the IPv4 or IPv6
addresses associated with the interface. Since any defined authoritative zones are also available as part of the normal recusive DNS service supplied by dnsmasq, it can make sense to have an --auth-server declaration with no interfaces or address, but simply specifying the primary external nameserver.
.TP
.B --local-service
.B --local-service[=net|host]
Without parameter or with net parameter, restricts service to connected network.
Accept DNS queries only from hosts whose address is on a local subnet,
ie a subnet for which an interface exists on the server. This option
ie a subnet for which an interface exists on the server. With host parameter, listens
only on lo interface and accepts queries from localhost only. This option
only has effect if there are no \fB--interface\fP, \fB--except-interface\fP,
\fB--listen-address\fP or \fB--auth-server\fP options. It is intended to be set as
a default on installation, to allow unconfigured installations to be
useful but also safe from being used for DNS amplification attacks.
.TP
.TP
.B \-2, --no-dhcp-interface=<interface name>
Do not provide DHCP, TFTP or router advertisement on the specified interface, but do provide DNS service.
.TP