Dnsmasq listening on WAN port?
-
I'm not sure if I got the right service, but the DNS service is listening on the WAN interface, and I would like to know why? It doesn't make any sense. Further, is there anything I can change to stop it listening on the WAN interface?
-
It binds to all interfaces.
With a proper set of firewall rules that's a moot point. You shouldn't allow traffic to hit the WAN IP on port 53 (or any other port not running a public service).
That said, you can set this manually using the Advanced Options box on the DNS Forwarder page.
listen-address=192.168.1.1
bind-interfaces
That will force it to listen only on 192.168.1.1. Multiple listen-address lines can be used.
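An added example, not part of the original posts and not dnsmasq or firewall project code: a small Python check that reads options in the form posted above and reports whether they confine dnsmasq to LAN addresses. The function name, the LAN network and the 203.0.113.10 WAN address are assumptions made for illustration; the wildcard finding reflects the dnsmasq documentation, which says that without bind-interfaces dnsmasq binds the wildcard address and discards unwanted requests itself.

```python
import ipaddress


def audit_dnsmasq_options(options, lan_nets):
    """Return a list of findings for dnsmasq options (hypothetical helper).

    options  -- text as typed into the options box, space or newline separated
    lan_nets -- networks considered internal, e.g. ["192.168.1.0/24"]
    """
    nets = [ipaddress.ip_network(n) for n in lan_nets]
    listen, bind_only = [], False

    for line in options.splitlines():
        # Drop trailing comments, then treat each whitespace-separated token
        # as one option, matching the one-line form shown in the thread.
        for opt in line.split("#", 1)[0].split():
            key, _, value = opt.partition("=")
            if key == "listen-address":
                listen += [ipaddress.ip_address(a) for a in value.split(",") if a]
            elif key == "bind-interfaces":
                bind_only = True

    findings = []
    if not listen:
        findings.append("no listen-address: options do not pin dnsmasq to a LAN address")
    if not bind_only:
        findings.append("no bind-interfaces: socket is still bound to the wildcard address")
    for addr in listen:
        if not any(addr in net for net in nets):
            findings.append(f"listen-address {addr} is outside the LAN networks")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; 203.0.113.10 stands in for a WAN address.
    samples = [
        "",
        "listen-address=192.168.1.1",
        "listen-address=192.168.1.1 bind-interfaces",
        "listen-address=192.168.1.1,203.0.113.10\nbind-interfaces",
    ]
    for text in samples:
        print(repr(text), "->", audit_dnsmasq_options(text, ["192.168.1.0/24"]) or "ok")
```

An empty result means the options name only LAN addresses and bind-interfaces is set; the firewall rule on port 53 is still needed as the first line of defence.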
-
Aha, that basically takes dnsmasq configuration options. Thanks!
Although the pertinent question still remains, why would you allow it to listen on the WAN by default?