I used to use another (small) machine as my LAN DHCP/DNS server (using dnsmasq) but that machine's other uses disappeared so I decided to move the dnsmasq configuration to my desktop machine. My desktop machine is on all the time because it's also a web server and I access it to read my E-Mail when I'm away from home.
So, I have configured my desktop to have a static IP on the LAN with /etc/network/interfaces containing:-
auto lo iface lo inet loopback
iface eth0 inet static address 192.168.1.4 netmask 255.255.255.0 gateway 192.168.1.1 dns-domain zbmc.eu dns-search zbmc.eu dns-nameservers 127.0.0.1 195.74.113.58 194.72.0.114
auto eth0
That 127.0.0.1 in the dns-nameservers is (I believe) correct, it makes dnsmasq act as a local caching nameserver.
Everything seems to work OK once booted but I'm getting a message on the xubuntu boot screen saying "Waiting for network configuration", that seems odd to me as it indicates that Network Manager is waiting for a DHCP response from somewhere and it doesn't need it.
I have removed the "dns=dnsmasq" line from NetworkManager.conf so that Network Manager isn't trying to run its own copy of dnsmasq.
On Wed, 21 Nov 2012 16:51:29 +0000 Chris Green cl@isbd.net allegedly wrote:
So, I have configured my desktop to have a static IP on the LAN with /etc/network/interfaces containing:-
auto lo iface lo inet loopback iface eth0 inet static address 192.168.1.4 netmask 255.255.255.0 gateway 192.168.1.1 dns-domain zbmc.eu dns-search zbmc.eu dns-nameservers 127.0.0.1 195.74.113.58 194.72.0.114 auto eth0
That 127.0.0.1 in the dns-nameservers is (I believe) correct, it makes dnsmasq act as a local caching nameserver.
If your desktop is running a version of ubuntu, I think you will find that port 53 is open on address 127.0.1.1, not the more usual local loopback.
Mick ---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
On Sat, Nov 24, 2012 at 09:13:49AM +0000, mick wrote:
On Wed, 21 Nov 2012 16:51:29 +0000 Chris Green cl@isbd.net allegedly wrote:
So, I have configured my desktop to have a static IP on the LAN with /etc/network/interfaces containing:-
auto lo iface lo inet loopback iface eth0 inet static address 192.168.1.4 netmask 255.255.255.0 gateway 192.168.1.1 dns-domain zbmc.eu dns-search zbmc.eu dns-nameservers 127.0.0.1 195.74.113.58 194.72.0.114 auto eth0
That 127.0.0.1 in the dns-nameservers is (I believe) correct, it makes dnsmasq act as a local caching nameserver.
If your desktop is running a version of ubuntu, I think you will find that port 53 is open on address 127.0.1.1, not the more usual local loopback.
Er, um, and? I'm sorry I don't really understand what that's telling me.
Both 127.0.0.1 and 127.0.1.1 seem to have someone listening:-
root@chris:~# nmap localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-24 10:31 GMT Nmap scan report for localhost (127.0.0.1) Host is up (0.0000090s latency). Not shown: 987 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 119/tcp open nntp 631/tcp open ipp 2049/tcp open nfs 3306/tcp open mysql 5432/tcp open postgresql 9000/tcp open cslistener 9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds root@chris:~# nmap 127.0.1.1
Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-24 10:31 GMT Nmap scan report for 127.0.1.1 Host is up (0.0000040s latency). Not shown: 989 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 119/tcp open nntp 631/tcp open ipp 2049/tcp open nfs 9000/tcp open cslistener 9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
On 24 November 2012 10:33, Chris Green cl@isbd.net wrote:
On Sat, Nov 24, 2012 at 09:13:49AM +0000, mick wrote:
If your desktop is running a version of ubuntu, I think you will find that port 53 is open on address 127.0.1.1, not the more usual local loopback.
Er, um, and? I'm sorry I don't really understand what that's telling me.
Both 127.0.0.1 and 127.0.1.1 seem to have someone listening:-
root@chris:~# nmap localhost
Not directly helpful, but it probably makes far better reading to use netstat -tapn on the machine instead of nmap. If you run it as root, you can see what process has bound to a given port, rather than using nmap which I think only tells you what the port means in /etc/services.
Regards, Srdjan
On Sat, 24 Nov 2012 12:44:37 +0000, todorovic.s@googlemail.com said:
it probably makes far better reading to use netstat -tapn on the machine instead of nmap.
I agree that netstat is a better utility to use; however, you've made a classic mistake (I suspect) of learning a convenient set of switches for a utility and then using them without perhaps appreciating what each one does.
-a will show non-listening sockets, which is unnecessary in this case
-t will show tcp connections; however, DNS uses UDP (mostly), so not only is -t unnecessary, but the omission of -u means the command won't show what we need.
Better:
netstat -ulnp
Better still:
lsof -i udp:53
On 24 November 2012 13:48, Keith Edmunds kae@midnighthax.com wrote:
On Sat, 24 Nov 2012 12:44:37 +0000, todorovic.s@googlemail.com said:
it probably makes far better reading to use netstat -tapn on the machine instead of nmap.
-a will show non-listening sockets, which is unnecessary in this case
Incorrect.
-a, --all Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not up.
-t will show tcp connections; however, DNS uses UDP (mostly), so not only is -t unnecessary, but the omission of -u means the command won't show what we need.
True, in this case I was wrong. But we Linux users should be double-checking the man pages and adjusting command line parameters when someone on the Internet gives us command or code snippets that we are not familiar with, right? ;-)
Regards, Srdjan
On Sat, 24 Nov 2012 13:58:49 +0000, todorovic.s@googlemail.com said:
-a will show non-listening sockets, which is unnecessary in this case
Incorrect.
Are you contesting that -a will show non-listening sockets, or are you contesting that non-listening sockets are unnecessary in this case?
On 24 November 2012 13:58, Srdjan Todorovic todorovic.s@googlemail.com wrote:
On 24 November 2012 13:48, Keith Edmunds kae@midnighthax.com wrote:
On Sat, 24 Nov 2012 12:44:37 +0000, todorovic.s@googlemail.com said:
it probably makes far better reading to use netstat -tapn on the machine instead of nmap.
-a will show non-listening sockets, which is unnecessary in this case
Incorrect.
-a, --all Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not up.
Aarrhhhh!! I need another coffee. I think what you meant was that -a is ok, but we don't need the ESTABLISHED entries, so use -l instead. I read your email incorrectly to mean that -a is not acceptable at all. I apologise for that.
Regards, Srdjan
On Sat, Nov 24, 2012 at 12:44:37PM +0000, Srdjan Todorovic wrote:
On 24 November 2012 10:33, Chris Green cl@isbd.net wrote:
On Sat, Nov 24, 2012 at 09:13:49AM +0000, mick wrote:
If your desktop is running a version of ubuntu, I think you will find that port 53 is open on address 127.0.1.1, not the more usual local loopback.
Er, um, and? I'm sorry I don't really understand what that's telling me.
Both 127.0.0.1 and 127.0.1.1 seem to have someone listening:-
root@chris:~# nmap localhost
Not directly helpful, but it probably makes far better reading to use netstat -tapn on the machine instead of nmap. If you run it as root, you can see what process has bound to a given port, rather than using nmap which I think only tells you what the port means in /etc/services.
I *knew* there was a better way to see port information, I just couldn't remember what it was!
On Sat, Nov 24, 2012 at 01:48:47PM +0000, Keith Edmunds wrote:
On Sat, 24 Nov 2012 12:44:37 +0000, todorovic.s@googlemail.com said:
it probably makes far better reading to use netstat -tapn on the machine instead of nmap.
I agree that netstat is a better utility to use; however, you've made a classic mistake (I suspect) of learning a convenient set of switches for a utility and then using them without perhaps appreciating what each one does.
-a will show non-listening sockets, which is unnecessary in this case
-t will show tcp connections; however, DNS uses UDP (mostly), so not only is -t unnecessary, but the omission of -u means the command won't show what we need.
Better:
netstat -ulnp
Which gives:-
chris$ netstat -ulnp (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 0.0.0.0:39072 0.0.0.0:* - udp 0 0 0.0.0.0:43381 0.0.0.0:* - udp 0 0 0.0.0.0:56390 0.0.0.0:* - udp 0 0 0.0.0.0:3483 0.0.0.0:* - udp 0 0 0.0.0.0:52667 0.0.0.0:* - udp 0 0 0.0.0.0:36459 0.0.0.0:* - udp 0 0 0.0.0.0:53 0.0.0.0:* - udp 0 0 0.0.0.0:67 0.0.0.0:* - udp 0 0 0.0.0.0:111 0.0.0.0:* - udp 230400 0 0.0.0.0:631 0.0.0.0:* - udp 0 0 127.0.0.1:760 0.0.0.0:* - udp 0 0 0.0.0.0:989 0.0.0.0:* - udp 0 0 0.0.0.0:5353 0.0.0.0:* - udp 0 0 0.0.0.0:54952 0.0.0.0:* - udp 0 0 0.0.0.0:42797 0.0.0.0:* - udp 0 0 0.0.0.0:1900 0.0.0.0:* - udp 0 0 192.168.1.4:1900 0.0.0.0:* - udp 0 0 0.0.0.0:2049 0.0.0.0:* - udp6 0 0 :::40718 :::* - udp6 0 0 :::53 :::* - udp6 0 0 :::111 :::* - udp6 0 0 :::45354 :::* - udp6 0 0 :::41453 :::* - udp6 0 0 :::989 :::* - udp6 0 0 :::5353 :::* - udp6 0 0 :::50582 :::* - udp6 0 0 :::34671 :::* - udp6 0 0 :::59320 :::* -
Better still:
lsof -i udp:53
Which produces no output at all.
On Sat, 24 Nov 2012 14:28:26 +0000, cl@isbd.net said:
lsof -i udp:53
Which produces no output at all.
You need to run it as root.
On Sat, Nov 24, 2012 at 02:49:57PM +0000, Keith Edmunds wrote:
On Sat, 24 Nov 2012 14:28:26 +0000, cl@isbd.net said:
lsof -i udp:53
Which produces no output at all.
You need to run it as root.
Why didn't it tel me! :-)
root@chris:~# lsof -i udp:53 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dnsmasq 1269 dnsmasq 6u IPv4 9682 0t0 UDP *:domain dnsmasq 1269 dnsmasq 8u IPv6 9684 0t0 UDP *:domain
So dnsmasq is listening as expected.