Bind dnsmasq DNS to just localhost (127.0.0.1)
Solution 1:
I had to add "bind-interfaces" to the config file, so that interface and listen-address had the desired effect. E.g.:
listen-address=127.0.0.1
interface=lo
bind-interfaces
This will have the desired effect of listening only on localhost. I was running into issues, since I was running a public DNS (that resolves just my own domains) on the public IP of the server, but I wanted to run dnsmasq on localhost, too. So if I remove "bind-interfaces", I will get "dnsmasq: failed to create listening socket for port 53: Address already in use", as it tries to listen on the public IP.
Solution 2:
Yes, you can do that.
The dnsmasq man page says this about the --interface argument:
-i, --interface=<interface name>
Listen only on the specified interface(s). Dnsmasq automatically adds the loopback (local) interface to the list of interfaces to use when the --interface option is used. If no --interface or --listen-address options are given dnsmasq listens on all available interfaces except any given in --except-interface options. IP alias interfaces (eg "eth1:0") cannot be used with --interface or --except-interface options, use --listen-address instead. A simple wildcard, consisting of a trailing '*', can be used in --interface and --except-interface options.
The interface name for localhost/127.0.0.1 would be lo by default on most systems.
You can put it right in your config file like so:
interface=lo
Or specify it on the command line like so:
dnsmasq --interface=lo
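A check that the settings from both answers took effect, as an added example that is not part of either answer: it reads `ss -H -lntup` output and lists every port-53 socket owned by dnsmasq that is bound to anything other than loopback. The sample lines and the function names are constructed for illustration, and 203.0.113.10 stands in for the server's public IP.

```shell
#!/bin/sh
# Constructed `ss -H -lntup` output (not captured from a real host).
# With bind-interfaces: dnsmasq holds only 127.0.0.1:53, next to another
# DNS server on the public address.
sample_with_bind() { cat <<'EOF'
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=4))
tcp LISTEN 0 32 127.0.0.1:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=5))
udp UNCONN 0 0 203.0.113.10:53 0.0.0.0:* users:(("named",pid=640,fd=512))
EOF
}
# Without bind-interfaces (on a host where port 53 is otherwise free):
# dnsmasq binds the wildcard address and filters requests itself.
sample_without_bind() { cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=4))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=5))
udp UNCONN 0 0 [::]:53 [::]:* users:(("dnsmasq",pid=812,fd=6))
EOF
}

# Reads ss output on stdin and prints "<proto> <local addr:port>" for each
# offending socket. Exit status: 0 = loopback only, 1 = non-loopback bind,
# 2 = no dnsmasq listener on port 53 seen.
# Assumes the Netid column is present (field 5 = local address) and that ss
# ran as root so the users:(...) column is populated.
dnsmasq_exposed() {
  awk '
    $NF !~ /\("dnsmasq"/ { next }            # only sockets owned by dnsmasq
    {
      la = $5
      port = la; sub(/.*:/, "", port)        # text after the last colon
      if (port != "53") next
      addr = la; sub(/:[^:]*$/, "", addr)    # drop ":port"
      sub(/%.*$/, "", addr)                  # drop "%lo" style device suffix
      sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # unwrap [v6] literals
      seen = 1
      if (addr ~ /^127\./ || addr == "::1") next
      bad = 1
      print $1, la
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }
  '
}

# Live use (as root): ss -H -lntup | dnsmasq_exposed
for s in sample_with_bind sample_without_bind; do
  if "$s" | dnsmasq_exposed; then echo "$s: loopback only"
  else echo "$s: not loopback only"; fi
done
```

A wildcard bind (`0.0.0.0`, `[::]` or `*`) counts as exposed here because the socket itself accepts traffic on every address, even if dnsmasq later discards queries from other interfaces.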