How do I restrict dnsmasq to listen on only one interface?

I am trying to make dnsmasq (version 2.66) listen only on the loopback interface, but it insists on listening on all available addresses, i.e. 0.0.0.0:53, despite the following arguments:

# dnsmasq -ilo --pid-file=/run/dnsmasq-lo.pid

dnsmasq: failed to create listening socket for port 53: Address already in use

I have other dnsmasq processes running, and they appear to listen on a single IP address only:

# netstat -ltaupn | sed -rne 2p -e '/:53\b/p'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.125.1:53        0.0.0.0:*               LISTEN      4224/dnsmasq    
tcp        0      0 192.168.124.1:53        0.0.0.0:*               LISTEN      4221/dnsmasq    
udp        0      0 192.168.125.1:53        0.0.0.0:*                           4224/dnsmasq    
udp        0      0 192.168.124.1:53        0.0.0.0:*                           4221/dnsmasq    

When I kill all the dnsmasq instances and re-run my command, this is what I get:

# dnsmasq -ilo --pid-file=/run/dnsmasq-lo.pid
# netstat -ltaupn | sed -rne 2p -e '/:53\b/p'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      4452/dnsmasq    
tcp6       0      0 :::53                   :::*                    LISTEN      4452/dnsmasq    
udp        0      0 0.0.0.0:53              0.0.0.0:*                           4452/dnsmasq    
udp6       0      0 :::53                   :::*                                4452/dnsmasq    

The following arguments, alone or in combination, do not change anything:

--local=//
-a127.0.0.1
-Ieth0 -Ieth1 -Ivirbr0 -Ivrbr1

How can I force dnsmasq to listen only on the one interface I want, namely the loopback interface?

Answer 1

Thanks to Stéphane Chazelas, a possible answer is to add --bind-interfaces. I overlooked this option because I limited myself to reading the command-line help:

# dnsmasq --help | grep bind-interfaces
-z, --bind-interfaces                   Bind only to interfaces in use.

I did not instinctively double-check the man page. IMHO, that help text is still confusing.

The man page, however, states:

   -z, --bind-interfaces
          On systems which support it, dnsmasq binds the wildcard address,
          even when it is listening on only some interfaces. It then  dis-
          cards  requests  that it shouldn't reply to. This has the advan-
          tage of working even when interfaces  come  and  go  and  change
          address.  This  option  forces  dnsmasq  to really bind only the
          interfaces it is listening on. About the only time when this  is
          useful  is  when running another nameserver (or another instance
          of dnsmasq) on  the  same  machine.  Setting  this  option  also
          enables multiple instances of dnsmasq which provide DHCP service
          to run in the same machine.

That is clearer.
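The practical follow-up to the answer above is to verify, after restarting dnsmasq with --bind-interfaces, that no socket on port 53 is bound to the wildcard address any more. The script below is an added example, not code from the original post or from the dnsmasq project: it contains a small check that reads netstat/ss-style output and reports whether any :53 listener is bound to 0.0.0.0, :: or *, and two sample listings constructed from the output shown in the question (the "bound" listing is what one expects with -i lo --bind-interfaces; the PID is reused from the post and is arbitrary).

```shell
#!/bin/sh
# Added example (not from the original post). After fixing dnsmasq with
#   dnsmasq -i lo --bind-interfaces --pid-file=/run/dnsmasq-lo.pid
# confirm that port 53 is no longer bound to the wildcard address.

# Return 0 (true) if the given listing contains a port-53 socket bound to
# the wildcard address (0.0.0.0, :: or *), 1 otherwise.
# Input format: `netstat -ltaupn` output (column 4 = Local Address); the
# same column layout works for `ss -lntup` output with its header skipped.
has_wildcard_dns() {
    printf '%s\n' "$1" | awk '
        # Header line has "Local" in $4, so it never matches.
        $4 ~ /^(0\.0\.0\.0|::|\*):53$/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample: what the question saw without --bind-interfaces.
WILDCARD_LISTING='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      4452/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      4452/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           4452/dnsmasq
udp6       0      0 :::53                   :::*                                4452/dnsmasq'

# Constructed sample: the expected state with `-i lo --bind-interfaces`.
BOUND_LISTING='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4452/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           4452/dnsmasq'

# Live check on a real host (needs root to see PIDs); kept as a comment so
# the script runs offline:
#   if has_wildcard_dns "$(netstat -ltaupn 2>/dev/null)"; then
#       echo "dnsmasq is still bound to the wildcard address" >&2
#   fi

if has_wildcard_dns "$WILDCARD_LISTING"; then
    echo "sample without --bind-interfaces: wildcard listener present"
fi
if ! has_wildcard_dns "$BOUND_LISTING"; then
    echo "sample with --bind-interfaces: only specific addresses bound"
fi
```

Run it as-is to see the two sample verdicts, or feed it live `netstat -ltaupn` output as in the commented block. The check is what makes the difference visible: without --bind-interfaces dnsmasq deliberately binds 0.0.0.0:53 and :::53 and filters by interface in userspace, which is exactly why a second instance on the same port fails with "Address already in use"; with it, each instance holds only its own address and several can coexist on one machine, as the man page excerpt above describes.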
