Add option for listening by IP Address during install

dnsmasq is kinda funny in that it will auto listen on the loopback interface if you include an interface config line (see man page snippet below), which is what the pihole install script does. That is really unlike any other *nix network service configuration, meaning I explicitly tell the service what to listen on and it only listens on that. This broke my config since I planned on pihole talking to my bind9 server running on loopback. I had to edit my /etc/dnsmasq.d/01-pihole.conf by hand. I can deal with that, however there is no other choice when installing, and when I change a setting via the web interface the interface line is added again, so if I restart dnsmasq again it pukes. I'm wondering if we could have an install option to only listen on an IP, to prevent dnsmasq from auto listening on the loopback and in some cases everything.

On some level I get it, I'm an edge case. Not everyone is going to be running two DNS servers and four webservers (although SSL termination via Nginx proxying is gaining in popularity). I also get that pihole was developed to be on a standalone Raspberry Pi. However, not being able to override this is annoying and I think it's a trivial install script fix.

--listen-address=
Listen on the given IP address(es). Both --interface and --listen-address options may be given, in which case the set of both interfaces and addresses is used. Note that if no --interface option is given, but --listen-address is, dnsmasq will not automatically listen on the loopback interface. To achieve this, its IP address, 127.0.0.1, must be explicitly given as a --listen-address option.

You may not be as much an edge case as you think. Internally we use nginx heavily as an SSL/TLS front and as a load balancer. I would almost say that this is a bug and not a feature request as we should just be listening on specific interfaces/IP addresses and not binding to undesired interfaces. I'll bring this up for some internal discussion, but if you would like to, open an issue on GitHub referencing this and I'll take a look at the code. Thanks for bringing this to our attention.

Ok cool. I did look through the bug requests on GitHub, although I was hesitant to phrase this as such because there were a bunch of bugs "fixed" by listening on everything. I'll open a defect.


This is easy to work around. Just remove the interface line in /etc/dnsmasq.d/01-pihole.conf and add the following lines to /etc/dnsmasq.conf:

listen-address=127.0.0.1
listen-address=<your_IPv4>
listen-address=::1
listen-address=<your_IPv6>
bind-interfaces

Of course the loopback IPv4 and IPv6 addresses are optional and I included them just to show the format, i.e. no square brackets ([ and ]) are needed.

I am talking about

# pihole -v
  Pi-hole version is v4.1 (Latest: v4.1)
  AdminLTE version is v4.1 (Latest: v4.1)
  FTL version is v4.1 (Latest: v4.1)
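
A way to check a dnsmasq configuration for the behaviour discussed in this thread, added here as an example and not taken from any post or from Pi-hole's code: it reads the text of the config files and reports whether dnsmasq will end up answering on loopback and whether it still binds the wildcard address. The function names, the sample interface name and the documentation-range addresses are constructed for illustration.

```python
LOOPBACK = {"127.0.0.1", "::1"}

def parse_directives(text):
    """Yield (key, value) per directive; '#' comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def audit(*config_texts):
    """Summarise where dnsmasq will answer, given the text of all its config files."""
    interfaces, addresses, bind = [], [], False
    for text in config_texts:
        for key, value in parse_directives(text):
            if key == "interface":
                interfaces.append(value)
            elif key == "listen-address":  # one address per line, as in the post
                addresses.append(value)
            elif key == "bind-interfaces":
                bind = True
    findings = []
    if interfaces:
        # Man page excerpt above: loopback is only left out when no interface is given.
        findings.append("interface= present (%s): loopback is added automatically"
                        % ", ".join(interfaces))
    if not interfaces and not addresses:
        findings.append("no interface= or listen-address=: dnsmasq listens on everything")
    if not bind:
        # Without bind-interfaces dnsmasq binds the wildcard address and drops
        # unwanted requests itself, so port 53 on loopback is still occupied.
        findings.append("bind-interfaces missing: wildcard bind keeps port 53 taken")
    serves_loopback = (bool(interfaces) or not addresses
                       or any(a in LOOPBACK for a in addresses))
    return {"serves_loopback": serves_loopback,
            "wildcard_bind": not bind,
            "findings": findings}

# Constructed samples: an installer-style interface line, and the workaround
# from the thread without the optional loopback entries (documentation addresses).
INSTALLER_STYLE = "interface=eth0\n"
WORKAROUND = "listen-address=192.0.2.10\nlisten-address=2001:db8::10\nbind-interfaces\n"

if __name__ == "__main__":
    for name, texts in [("installer", (INSTALLER_STYLE,)), ("workaround", (WORKAROUND,)),
                        ("workaround + re-added interface", (WORKAROUND, INSTALLER_STYLE))]:
        print(name, audit(*texts))
```

The third case models the interface line being added back to 01-pihole.conf after a web interface change, which puts dnsmasq on loopback again.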