How To Stop DNSMasq from listening on all IPs/Interfaces and allow only localhost

Some people find it less than intuitive to do on DNSMasq and by default DNSMasq is available on 0.0.0.0 which could even be your LAN or Public IP.

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2139/dnsmasq   

How do we fix it so DNSMasq listens on localhost only?

The default that most will do is edit /etc/dnsmasq.conf and then set this

listen-address=127.0.0.1

But all that is needed is actuallly the "bind-interfaces" option and in fact if you don't have that option, it will still listen on 0.0.0.0 which may not be what you want.

Note that even interface= will not help, especially if you don't have the bind-interfaces option as we show below.

So just add this to /etc/dnsmasq.conf

bind-interfaces

Then restart dnsmasq and check:

ctive Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2230/dnsmasq        


Tags:

dnsmasq, ips, interfaces, localhostsome, intuitive, default, lan, ip, active, connections, servers, established, proto, recv, pid, tcp, listens, localhost, edit, etc, conf, actuallly, quot, bind, interface, restart, ctive,

Latest Articles

  • Recommended SFP+ to RJ45 Adapter Module for Switch Juniper Cisco Ubiquiti TP-Link etc...
  • Bad Power Supply Issue Story Diagnosing Troubleshooting
  • Getting started with AI (Artificial Intelligence) in Linux / Ubuntu using by deploying LLM (Language Learing Models) using Ollama LLMA
  • microk8s kubernetes how to install OpenEBS
  • Flash LSI MegaRAID 2208 to IT mode in Linux Mint/Debian/Ubuntu
  • LSI MegaRAID in Linux Ubuntu / Centos Tutorial Setup Guide megacli
  • Convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/413. convert-im6.q16: no images defined `pts-time.jpg' @ error/convert.c/ConvertImageCommand/3258. solution ImageMagick P
  • Apache PHP sending expires header solution cannot use cache with CDN
  • How to install virt-manager in Mint 22/Ubuntu 22
  • Infiniband Guide
  • python mysql install error: /bin/sh: 1: mysql_config: not found /bin/sh: 1: mariadb_config: not found /bin/sh: 1: mysql_config: not found mysql_config --version
  • FreePBX 17 How To Add a Trunk
  • Docker Container Onboot Policy - How to make sure a container is always running
  • FreePBX 17 How To Add Phones / Extensions and Register
  • Warning: The driver descriptor says the physical block size is 2048 bytes, but Linux says it is 512 bytes. solution
  • Cisco How To Use a Third Party SIP Phone (eg. Avaya, 3CX)
  • Cisco Unified Communication Manager (CUCM) - How To Add Phones
  • pptp / pptpd not working in DD-WRT iptables / router
  • systemd-journald high memory usage solution
  • How to Install FreePBX 17 in Linux Debian Ubuntu Mint Guide
    • Copyright © realtechtalk.com 2025