Topic: DNS Forwarder (dnsmasq) on WAN interface!  (Read 3555 times)
« on: August 17, 2007, 00:01:27 »
stirnimann *
Posts: 1

Hi

The DNS Forwarder (dnsmasq), if enabled, listens on the WAN and LAN interfaces.

I think this is a bug because there is absolutely no reason for dnsmasq to listen on the WAN interface. Well, I can think of some people for whom it should listen on OPT1 as well. Maybe for some configurations it is even required to listen on even more interfaces.

A fix which should please anybody would be for dnsmasq to be started with --except-interface=WAN.
Personally, I would be happy if dnsmasq were started with --listen-address=192.168.1.1, but as I have said, there are likely some people who want it to be reachable on other interfaces such as OPT1 as well.

Of course, there is always the possibility of setting a firewall rule on the WAN interface which prohibits access to TCP/UDP port 53, but I think the default configuration, if DNS Forwarding is enabled, should be safe.

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Tested against 1.3b2 and 1.3b3
Hardware: Soekris net48xx
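
A way to check the exposure the post describes, as an added example that is not part of the original post or of m0n0wall: it reads `netstat -an` text and lists port 53 sockets bound to anything other than the approved addresses. The function names and the sample lines are constructed for illustration; 192.168.1.1 is the LAN address used in the post.

```shell
#!/bin/sh
# Added example (not m0n0wall code): flag DNS sockets bound outside an allow-list.

# Constructed sample of BSD-style `netstat -an` output, for offline use.
sample_netstat() {
    cat <<'EOF'
tcp4       0      0 *.53                   *.*                    LISTEN
udp4       0      0 *.53                   *.*
tcp4       0      0 192.168.1.1.80         *.*                    LISTEN
udp4       0      0 192.168.1.1.53         *.*
tcp4       0      0 192.168.1.1.53         192.168.1.20.40000     ESTABLISHED
EOF
}

# Usage: netstat -an | exposed_dns_listeners 192.168.1.1 127.0.0.1
# Prints "<proto> <local socket>" for each port 53 socket not on the allow-list.
exposed_dns_listeners() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        # Ignore established TCP connections; keep listeners and UDP sockets.
        if ($1 ~ /^tcp/ && $NF != "LISTEN") next
        sock = $4
        # BSD prints addr.port, Linux prints addr:port; split at the last separator.
        if (!match(sock, /[.:][0-9]+$/)) next
        port = substr(sock, RSTART + 1)
        addr = substr(sock, 1, RSTART - 1)
        if (port == "53" && !(addr in ok)) print $1, sock
    }'
}

# Run against the constructed sample with the LAN address from the post allowed.
sample_netstat | exposed_dns_listeners 192.168.1.1 127.0.0.1
```

A wildcard bind (`*.53`) can appear even when dnsmasq is told to skip an interface, because without `--bind-interfaces` it binds the wildcard address and discards unwanted requests itself. Treat such a hit as a reason to confirm the answer from outside the WAN and to check the WAN firewall rule for TCP/UDP port 53.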