Yesterday I upgraded from dnsmasq 2.68 to dnsmasq 2.69. After that, all DNS queries were resulting in a timeout.
I used Nmap to check if port 53 wasn’t blocked, but this was not the case. Also, netstat -a was showing dnsmasq listening on all interfaces. All I could find in the log was the following message:
Ignoring query from non-local network
After I was sure port 53 wasn’t blocked and dnsmasq was listening on all interfaces properly, I decided to take a look at dnsmasq’s changelog:
--local-service. Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. This option only has effect if there are no --auth-server options. It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks.
Apparently dnsmasq isn’t accepting queries from any other host than itself by default anymore. I solved this issue by adding a few listen-address entries in my configuration file.
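
The check the changelog describes can be modelled in a few lines. This is an added example, not dnsmasq's own code and not part of the original post: the function name, the explicit_listen_config parameter and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Message the post found in the dnsmasq log.
LOG_MSG = "Ignoring query from non-local network"


def local_service_verdict(source, interface_addrs, explicit_listen_config=False):
    """Model of the --local-service decision for one DNS query.

    source                 -- source address of the query
    interface_addrs        -- address/prefix pairs configured on the server's
                              own interfaces, e.g. "192.168.1.1/24"
    explicit_listen_config -- True when the configuration contains options
                              that switch the default off (the changelog names
                              --auth-server; the post's fix used listen-address)
    """
    if explicit_listen_config:
        # --local-service has no effect: every query that arrives is answered.
        return "accept"

    src = ipaddress.ip_address(source)
    for addr in interface_addrs:
        # A "local subnet" is one for which an interface exists on the server.
        net = ipaddress.ip_interface(addr).network
        if src.version == net.version and src in net:
            return "accept"
    return LOG_MSG


if __name__ == "__main__":
    # Constructed sample: a server with loopback and one LAN interface.
    interfaces = ["127.0.0.1/8", "192.168.1.1/24"]
    # Constructed clients: same LAN, loopback, and a routed subnet.
    for client in ["192.168.1.50", "127.0.0.1", "10.8.0.6"]:
        print(client, "->", local_service_verdict(client, interfaces))
    # After adding listen-address entries the routed client is served again.
    print("10.8.0.6 ->", local_service_verdict("10.8.0.6", interfaces, True))
```

With the check switched off, dnsmasq answers any source that can reach its listening addresses, so the protection against DNS amplification has to come from a firewall rule on port 53 instead.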