Bind behind dnsmasq on same device

As Germany starts to censor the web (currently one ISP (Vodafone) is forced by government to filter at least 2 domains (kinox and Library Genesis)) I want to prepare for the future by using my own DNS server querying root servers only. For this I installed Bind and configured it to listen on IP 127.0.0.1 port 5353:

root@router:~# nslookup -p5353 google.de localhost
Server:         localhost
Address:        127.0.0.1#5353

Name:      google.de
Address 1: 172.217.21.3
Address 2: 2a00:1450:4016:80b::2003

Now I want to tell dnsmasq to use this new DNS server but how to define the custom port? The UI treats ":" or "#" as invalid characters and manually setting it in the config file doesn't work.

Before someone asks "why don't you use Bind only": I want to get dynamic DNS entries from the DHCP requests but according to https://wiki.openwrt.org/doc/howto/dns.bind using bind only "will disable automatic creation of your internal hostnames".

  • If you don't get the custom port to work, you can always create a VLAN or dummy interface with a valid IP to attach BIND to.
  • Also, since Dnsmasq is designed to use real DNS servers, I'm not sure you can re-specify the port.

Thanks, after digging a bit deeper this seems to be the only option. For all who want to know why: UCI creates a temporary resolv.conf file for dnsmasq to use but for historical reasons a resolv.conf file is not allowed to specify ports. This is a common Linux problem and will most likely not change in the foreseeable future because of compatibility for old tools.

P.S. For all who want to do the same: Don't forget to blacklist dnsmasq on the dummy0 interface.

1 Like
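
The setup the thread settles on (BIND on a dummy interface address at the standard port, dnsmasq forwarding to it and staying off dummy0), as an added example that is not part of the original posts. It uses raw dnsmasq and BIND option syntax rather than OpenWrt's UCI files; the address 192.168.53.1 and all function names are assumptions.

```shell
#!/bin/sh
# Added example; address and helper names are constructed assumptions.
DUMMY_IF="dummy0"          # interface name used in the thread
DUMMY_IP="192.168.53.1"    # constructed address, pick one unused on your LAN

# Accept only a plain dotted-quad IPv4 address (no "#port" or ":port" suffix).
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Create the dummy interface (needs root and the kernel dummy driver).
setup_dummy() {
    ip link add "$DUMMY_IF" type dummy
    ip addr add "$DUMMY_IP/32" dev "$DUMMY_IF"
    ip link set "$DUMMY_IF" up
}

# BIND: listen on the dummy address only, port 53, local clients only.
# Merge these statements into the existing options block of named.conf.
render_named_options() {
    valid_ipv4 "$1" || return 1
    cat <<EOF
options {
    listen-on port 53 { $1; };
    listen-on-v6 { none; };
    recursion yes;
    allow-query { localhost; };
};
EOF
}

# dnsmasq: ignore resolv.conf, forward to BIND, never bind the dummy interface.
render_dnsmasq_conf() {
    valid_ipv4 "$1" || return 1
    cat <<EOF
no-resolv
server=$1
bind-interfaces
except-interface=$2
EOF
}

if [ "${1:-}" = "print" ]; then
    render_named_options "$DUMMY_IP"
    render_dnsmasq_conf "$DUMMY_IP" "$DUMMY_IF"
fi
```

Run it with the argument `print` to see both fragments; `setup_dummy` is only defined, not called, because it changes the running network configuration.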
