After rebooting, dnsmasq service is running, but does not respond to remote requests (trying using "dig @10.0.0.1 stackexchange.com" from another machine). The log looks good in my opinion:
Aug 11 17:41:04 srvname systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Aug 11 17:41:04 srvname dnsmasq[488]: dnsmasq: syntax check OK.
Aug 11 17:41:04 srvname dnsmasq[530]: started, version 2.76 cachesize 150
Aug 11 17:41:04 srvname dnsmasq[530]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ips
Aug 11 17:41:04 srvname dnsmasq[530]: DNS service limited to local subnets
Aug 11 17:41:04 srvname dnsmasq[530]: using nameserver 208.67.222.222#53
Aug 11 17:41:04 srvname dnsmasq[530]: using nameserver 208.67.220.220#53
Aug 11 17:41:04 srvname dnsmasq[530]: read /etc/hosts - 5 addresses
Aug 11 17:41:04 srvname systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Aug 11 17:41:21 srvname dnsmasq[530]: Ignoring query from non-local network

I have no idea where the last line comes from but it is there immediately after reboot before I do anything.
If I restart the dnsmasq service, I get the same log entries except for the last line and then it is reachable for all machines on the network - all is fine.
dnsmasq config:
domain-needed
bogus-priv
no-resolv
server=208.67.220.220
server=208.67.222.222
address=/homeserver.mydomain.com/10.0.0.99

The last line is so that machines on my local network will be able to find the server itself using its domain name. My internet router won't forward requests for homeserver.mydomain.com from the local network to 10.0.0.99 on its own (this is a feature some routers have and some (like mine) do not).
In addition to this config I filter out malware servers from a list.
relevant iptables config (iptables-persistent file):
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT

I have found two possible solutions so far, however I don't know how to implement them:
- in an earlier question someone mentions that disabling IPv6 helped them with a similar issue. However, I am not sure how to do that.
- A friend suggested that the order in which the services are started might be the issue and to move dnsmasq to the end so it starts last. However, I am also not sure how to modify this. What I tried already was to put into /etc/network/interfaces the following line: "post-up /usr/sbin/service dnsmasq restart" (attempting to force the reboot after the network comes up). However, that did not help either.
OS: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64 GNU/Linux
Hardware: Asus VivoMini Intel N3000
egrep -hrv '^#|^$' /etc/dnsmasq.* (of course, edit out any sensitive stuff). Try adding except-interface=ethX to the config (where ethX is an interface you don't need dnsmasq to listen on) -- the errors suggest that local-service is in effect and the machine you're querying from is not on the same subnet.

interface=you_ethX to the config. Read about --local-service in the manpage for how it interacts with except-interface and interface (the --local-service option is given directly on the command line of dnsmasq in debian, have a look at /etc/init.d/dnsmasq).

except-interface with an interface that doesn't exist, e.g. except-interface=no_such_if will also turn off the local-service option.
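
The comments above tie the "Ignoring query from non-local network" line to dnsmasq's local-service check. The following is an added example, not dnsmasq's code or part of the thread: a simplified Python model of that check and of the options that switch it off. Assumptions: a /24 mask on 10.0.0.1, a constructed client 10.0.0.50, and that only loopback is configured when the check runs at boot (the thread does not confirm this).

```python
import ipaddress

# Per the dnsmasq man page, --local-service has no effect if any of these is set.
OVERRIDES = ("interface", "except-interface", "listen-address", "auth-server")

# Config as posted in the question.
CONFIG = """domain-needed
bogus-priv
no-resolv
server=208.67.220.220
server=208.67.222.222
address=/homeserver.mydomain.com/10.0.0.99
"""

BOOT_ADDRS = ["127.0.0.1/8"]                    # assumption: LAN address not yet assigned
RUNNING_ADDRS = ["127.0.0.1/8", "10.0.0.1/24"]  # assumption: /24 mask on the LAN address
CLIENT = "10.0.0.50"                            # constructed client address


def local_service_active(on_cmdline, config_text):
    """True if --local-service is given and no overriding option is configured."""
    if not on_cmdline:
        return False
    for line in config_text.splitlines():
        key = line.split("#", 1)[0].split("=", 1)[0].strip()
        if key in OVERRIDES:
            return False
    return True


def accepts_query(src, iface_addrs, active):
    """Simplified model: accept when the check is off, or when src lies on the
    subnet of an address this host has configured at the time of the check."""
    if not active:
        return True
    ip = ipaddress.ip_address(src)
    nets = [ipaddress.ip_interface(a).network for a in iface_addrs]
    return any(ip.version == n.version and ip in n for n in nets)


if __name__ == "__main__":
    active = local_service_active(True, CONFIG)
    print("local-service active:", active)
    print("query at boot accepted:", accepts_query(CLIENT, BOOT_ADDRS, active))
    print("query after restart accepted:", accepts_query(CLIENT, RUNNING_ADDRS, active))
    off = local_service_active(True, CONFIG + "except-interface=no_such_if\n")
    print("with except-interface=no_such_if, active:", off)
```

With local-service turned off through except-interface=no_such_if, only the firewall limits who can query the resolver, and the INPUT rule in the question accepts UDP port 53 from any source address.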