
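I'm considering using a dnsmasq server to easily provide some local ad-hoc hostnames and to provide recursive DNS for local clients.

However, once the dnsmasq service is configured as a recursive DNS server, it seems to always allow any client to look up DNS entries.

Is there a way to restrict the dnsmasq service to only allow requests from local clients, say 192.168.0.0/16 and 127.0.0.0/8, and possibly even some selected public IPs?

I can do this with iptables, but it would be better if I could keep the DNS-related configuration local to dnsmasq.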


1 Answer


You can restrict the interface that dnsmasq listens on (say, for example, your local network):

This specifies to listen only on eth0:

interface=eth0

And this specifies to listen only on a particular address (in this case 192.168.1.1):

listen-address=192.168.1.1

You can also specify an interface not to listen on:

except-interface=eth1

You can repeat the line for more than one interface.

AMENDMENT

Apologies, I've re-read your question and don't believe my answer is particularly helpful; you want to restrict access to DNS (in the dnsmasq conf), not restrict where/how your DHCP leases are handed out. I don't know how to do this in the dnsmasq conf file, so I'll let someone else answer. I'll leave my original answer here, just on the off chance it's useful to anyone.

Answered 2014-03-17T23:34:45.030
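
An added example (not part of the original answer, and not dnsmasq's own code): a small Python audit that reads a dnsmasq configuration and checks the listener options shown in the answer against the client networks named in the question. The function name, finding codes and sample configurations are constructed for illustration; `bind-interfaces`, `bind-dynamic`, `local-service` and `auth-server` are dnsmasq options that the page itself does not mention.

```python
import ipaddress

# Client networks named in the question; any other address counts as non-local.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "127.0.0.0/8")]
# Per the dnsmasq man page, local-service only has effect when none of these is set.
SCOPING = ("interface", "listen-address", "except-interface", "auth-server")

# Constructed sample configurations (not taken from a real host).
SAMPLE_MISTYPED = "interface=eth0\nlisten-address:192.168.1.1\nexcept-interface=eth1\n"
SAMPLE_SCOPED = "interface=eth0\nlisten-address=192.168.1.1,127.0.0.1\nbind-interfaces\n"

def audit_dnsmasq(conf_text, allowed=ALLOWED):
    """Return (code, detail) findings about who can reach the DNS listener."""
    opts, findings = {}, []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep and ":" in line:
            # Options are written key=value; this line is not a valid option.
            findings.append(("bad-syntax", f"line {n}: {line}"))
            continue
        opts.setdefault(key.strip(), []).extend(
            v.strip() for v in value.split(",") if v.strip())
    for addr in opts.get("listen-address", []):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("bad-address", addr))
            continue
        if not any(ip in net for net in allowed):
            findings.append(("non-local-listener", addr))
    scoped = any(k in opts for k in SCOPING)
    if not scoped and "local-service" not in opts:
        findings.append(("open-listener", "answers on every interface, any source"))
    if scoped and "local-service" in opts:
        findings.append(("local-service-ignored", "scoping options are present"))
    if scoped and not {"bind-interfaces", "bind-dynamic"} & opts.keys():
        # Default: wildcard socket, requests filtered by arrival interface.
        findings.append(("wildcard-bind", "no bind-interfaces or bind-dynamic"))
    return findings

if __name__ == "__main__":
    for name, conf in (("mistyped", SAMPLE_MISTYPED), ("scoped", SAMPLE_SCOPED)):
        print(name, audit_dnsmasq(conf))
```

These checks cover only where dnsmasq listens; filtering by arbitrary source address, such as the selected public IPs in the question, remains a job for the iptables rules the question mentions.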