Linux-Mint
如何限制 dnsmasq 只監聽一個介面?
我試圖讓
dnsmasq(2.66 版)只收聽環回介面,但它沉迷於收聽所有可用地址,即0.0.0.0:53 ,儘管有以下參數:# dnsmasq -ilo --pid-file=/run/dnsmasq-lo.pid dnsmasq: failed to create listening socket for port 53: Adress already in use我還有其他正在執行的 dnsmasq 程序,它們似乎只監聽一個 IP 地址:
# netstat -ltaupn | sed -rne 2p -e '/:53\b/p' Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.125.1:53 0.0.0.0:* LISTEN 4224/dnsmasq tcp 0 0 192.168.124.1:53 0.0.0.0:* LISTEN 4221/dnsmasq udp 0 0 192.168.125.1:53 0.0.0.0:* 4224/dnsmasq udp 0 0 192.168.124.1:53 0.0.0.0:* 4221/dnsmasq當我殺死所有
dnsmasq實例並重新執行我的命令時,這就是我所擁有的:# dnsmasq -ilo --pid-file=/run/dnsmasq-lo.pid # netstat -ltaupn | sed -rne 2p -e '/:53\b/p' Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 4452/dnsmasq tcp6 0 0 :::53 :::* LISTEN 4452/dnsmasq udp 0 0 0.0.0.0:53 0.0.0.0:* 4452/dnsmasq udp6 0 0 :::53 :::* 4452/dnsmasq以下論點,單獨或組合不會改變任何事情:
--local=// -a127.0.0.1 -Ieth0 -Ieth1 -Ivirbr0 -Ivrbr1如何強制
dnsmasq只聽我想要的一個介面,即環回介面?
感謝stéphane-chazelas,一個可能的答案是添加
--bind-interfaces. 我忽略了這個選項,因為我限制自己閱讀命令行幫助:# dnsmasq --help | grep bind-interfaces -z, --bind-interfaces Bind only to interfaces in use.我沒有條件仔細檢查手冊頁。恕我直言,這種幫助仍然令人困惑。
然而,手冊頁指出:
-z, --bind-interfaces On systems which support it, dnsmasq binds the wildcard address, even when it is listening on only some interfaces. It then dis- cards requests that it shouldn't reply to. This has the advan- tage of working even when interfaces come and go and change address. This option forces dnsmasq to really bind only the interfaces it is listening on. About the only time when this is useful is when running another nameserver (or another instance of dnsmasq) on the same machine. Setting this option also enables multiple instances of dnsmasq which provide DHCP service to run in the same machine.哪個更清楚。