我试图让dnsmasq(版本 2.66)只听回送接口,但它痴迷于听所有可用的地址,即0.0.0.0:53尽管有以下参数:
# dnsmasq -ilo --pid-file=/run/dnsmasq-lo.pid
dnsmasq: failed to create listening socket for port 53: Adress already in use
我还有其他正在运行的 dnsmasq 进程,它们似乎只监听一个 IP 地址:
# netstat -ltaupn | sed -rne 2p -e '/:53\b/p'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.125.1:53 0.0.0.0:* LISTEN 4224/dnsmasq
tcp 0 0 192.168.124.1:53 0.0.0.0:* LISTEN 4221/dnsmasq
udp 0 0 192.168.125.1:53 0.0.0.0:* 4224/dnsmasq
udp 0 0 192.168.124.1:53 0.0.0.0:* 4221/dnsmasq
当我杀死所有dnsmasq实例并重新运行我的命令时,这就是我所拥有的:
# dnsmasq -ilo --pid-file=/run/dnsmasq-lo.pid
# netstat -ltaupn | sed -rne 2p -e '/:53\b/p'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 4452/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 4452/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 4452/dnsmasq
udp6 0 0 :::53 :::* 4452/dnsmasq
以下参数,单独或组合不会改变一个该死的事情:
--local=//
-a127.0.0.1
-Ieth0 -Ieth1 -Ivirbr0 -Ivrbr1
如何强制只dnsmasq收听我想要的一个接口,即环回接口?
小智 6
感谢stéphane-chazelas,一个可能的答案是添加--bind-interfaces. 我忽略了限制自己阅读命令行帮助的选项:
# dnsmasq --help | grep bind-interfaces
-z, --bind-interfaces Bind only to interfaces in use.
我没有条件仔细检查手册页。恕我直言,这种帮助仍然令人困惑。
然而,手册页指出:
-z, --bind-interfaces
On systems which support it, dnsmasq binds the wildcard address,
even when it is listening on only some interfaces. It then dis-
cards requests that it shouldn't reply to. This has the advan-
tage of working even when interfaces come and go and change
address. This option forces dnsmasq to really bind only the
interfaces it is listening on. About the only time when this is
useful is when running another nameserver (or another instance
of dnsmasq) on the same machine. Setting this option also
enables multiple instances of dnsmasq which provide DHCP service
to run in the same machine.
这更清楚。