ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0021001ClearOSapp-dns - DNS Serverpublic2018-08-04 07:072020-01-22 04:09
ReporterNickH 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version7.5.0 
Target Version7.6.0Fixed in Version7.6.0 
Summary0021001: Make dnsmasq only bind to interface IP's
DescriptionIn order to run Docker/Samba Domain Controller on a LAN IP within ClearOS, dnsmasq needs to be changed to bind on LAN IP's only, otherwise, if you set up a Virtual IP in ClearOS ,dnsmasq will bind to that as well, stopping the Docker/Samba Domain Controller from binding to port 53.

There appear to be two ways of doing this:
For both set "bind-interfaces" in /etc/dnsmasq.conf

Then either:
set listen-address to all the LAN interface basic IP's (including docker interfaces) and loopback - you don't need to bother about WAN IP's. You must exclude virtual IP's.
or:
set "except-interface=" to your list of virtual interfaces e.g. enp2s0f1:0

If you use the "except-interface" solution, you can also create exceptions for all WAN interfaces to ensure this parameter has a value.

Note you cannot use the "interface=" parameter as this will cause dnsmasq to also bind to the virtual IP's.

Also note the "except-interface" method does not allow wildcards so you cannot except *:*

I have not tested with VLANs but I would have thought they'd need to also listen.
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
related to 0022301closed dloper Make dnsmasq only bind to interface IP's - always 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-08-04 07:07NickHNew Issue
2018-08-04 23:53user2Prioritynormal => low
2018-08-04 23:53user2Severityminor => feature
2018-08-04 23:53user2Statusnew => confirmed
2018-08-06 02:24NickHNote Added: 0007731
2018-11-08 08:45user2Prioritylow => normal
2018-11-08 08:45user2Target Version => 7.6.0
2018-11-08 14:01user2Issue cloned: 0022301
2018-11-08 14:01user2Relationship addedrelated to 0022301
2018-11-08 14:02user2Statusconfirmed => resolved
2018-11-08 14:02user2Fixed in Version => 7.6.0
2018-11-08 14:02user2Resolutionopen => fixed
2018-11-08 14:02user2Assigned To => user2
2020-01-22 04:09NickHNote Added: 0012911
2020-01-22 04:09NickHStatusresolved => closed
2020-01-22 04:09NickHAssigned Touser2 =>

Notes
(0007731)
NickH   
2018-08-06 02:24   
I cannot reproduce the comment about specifying the interfaces with an "interface=" line as it does seem to bind to the specified interfaces only so could be a good option as it is the same as the Samba set of interfaces.
Note you'd need to bind to all LAN/HotLAN interfaces and the docker0 interface (if you want docker/ClearGLASS to use an internal resolver there is a separate bug for this).
(0012911)
NickH   
2020-01-22 04:09   
Duplicate of https://gitlab.com/clearos/clearfoundation/app-dns/issues/5 [^]