Portmaster's internal DNS refuses LAN dns requests #1449

Closed
vdavide opened this issue Feb 29, 2024 · 2 comments
Labels
suggestion TYPE: idea for new feature or improvements


vdavide commented Feb 29, 2024

What would you like to add or change?:

Why does the internal DNS server refuse requests from the LAN?

I set the listening address in developer mode as 0.0.0.0:53 (linux here)

Then tried from another PC "dig @192.168.0.11 reddit.com"
and here's the answer:

; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> @192.168.0.11 reddit.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 47086
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;reddit.com.                    IN      A

;; ADDITIONAL SECTION:
info.portmaster.        0       IN      TXT     "external queries are not permitted"

;; Query time: 4 msec
;; SERVER: 192.168.0.11#53(192.168.0.11) (UDP)
;; WHEN: Thu Feb 29 09:49:35 CET 2024
;; MSG SIZE  rcvd: 90

And in portmaster's logs there's this:

240229 09:49:35.603 nameserver:177 ▶ WARN 069 nameserver: external request from 192.168.0.10:40365 for reddit.com.A, ignoring

Why do you and others need this?:

Would be good to allow external requests, avoiding using pihole or adguardhome for other clients in the lan

@vdavide vdavide added the suggestion TYPE: idea for new feature or improvements label Feb 29, 2024

Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful info with you:

  • 🗣️ Our community on Discord is super helpful and active. We also have an AI-enabled support bot that knows Portmaster well and can give you immediate help.
  • 📖 The Wiki answers all common questions and has many important details. If you can't find an answer there, let us know, so we can add anything that's missing.

Member

dhaavi commented Feb 29, 2024

Hey @vdavide,

This is a security feature and expected behavior.
The listener is on 0.0.0.0 by default on Windows, so that we can redirect DNS queries without changing the interface the packet is on.

While there are experimental switches to allow Portmaster to answer queries from the LAN, these features are experimental, not tested and may break on updates - and I don't even know if it works correctly in the current version.
See Docs: Network Service

@dhaavi dhaavi closed this as not planned Feb 29, 2024
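
Added example (not from the thread and not Portmaster's own code): one way to write, in Go, the kind of source check that yields the REFUSED answer shown in the issue. Since the listener can be bound to 0.0.0.0, the decision keys on the query's source address rather than the bind address. The function names, the choice to accept the host's own interface addresses alongside loopback, and passing those addresses in as a list are assumptions; the sample addresses are the ones from the dig output and log line.

```go
package main

import (
	"fmt"
	"net/netip"
)

// isLocalQuery reports whether a DNS query came from this host: either a
// loopback source, or a source equal to one of the host's own addresses
// (assumption: redirected local queries keep their interface address).
// IPv4-mapped IPv6 sources are unmapped first so that ::ffff:a.b.c.d cannot
// slip past a comparison against plain IPv4 addresses.
func isLocalQuery(src netip.AddrPort, own []netip.Addr) bool {
	ip := src.Addr().Unmap().WithZone("")
	if ip.IsLoopback() {
		return true
	}
	for _, o := range own {
		if o.Unmap() == ip {
			return true
		}
	}
	return false
}

// decide is a string front end for logs and tests. It fails closed: a source
// that does not parse is treated as external and would be refused.
func decide(src string, own ...string) bool {
	ap, err := netip.ParseAddrPort(src)
	if err != nil {
		return false
	}
	var addrs []netip.Addr
	for _, s := range own {
		if a, err := netip.ParseAddr(s); err == nil {
			addrs = append(addrs, a)
		}
	}
	return isLocalQuery(ap, addrs)
}

func main() {
	// Host address and LAN client taken from the issue; ports other than
	// 40365 are constructed.
	for _, s := range []string{"127.0.0.1:53000", "192.168.0.11:41000", "192.168.0.10:40365"} {
		fmt.Printf("%-20s local=%v\n", s, decide(s, "192.168.0.11"))
	}
}
```

In a real listener the list of own addresses would come from the operating system (for example `net.InterfaceAddrs`) and be refreshed when interfaces change.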