dnsmasq doesn't resolve 127.0.0.1 about macos-security-and-privacy-guide HOT 13 CLOSED

The problem for me was this line in the configuration file:

conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf

There is no such file.

I commented it out and put the trusted-anchor setting instead (see README).

Note: trust anchor: https://data.iana.org/root-anchors/root-anchors.xml

Instructions:

To configure dnsmasq, copy the example configuration to /usr/local/etc/dnsmasq.conf
and edit to taste.

cp /usr/local/opt/dnsmasq/dnsmasq.conf.example /usr/local/etc/dnsmasq.conf

To have launchd start dnsmasq now and restart at startup:
sudo brew services start dnsmasq

Note: requires sudo.

It copies the file, but check the permissions, execute the following command to change it:
sudo chmod 0644 /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

You may want to update the documentation.
Thanks for maintaining the page.

Hope this helps.

from macos-security-and-privacy-guide.

Hi Rishad,

Can you make sure dnsmasq is listening on port 53? You can check with sudo lsof -ni:53 or dig a google.com @127.0.0.1 to see if you get a valid response.

from macos-security-and-privacy-guide.

I do not get any output from the lsof command.

This is what I get for the dig command:

; <<>> DiG 9.8.3-P1 <<>> a google.com @127.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached

from macos-security-and-privacy-guide.

It looks like dnsmasq isn't running, or is listening on the wrong port.

Try defaults read /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist and then run the program with arguments manually to see if there's any errors, e.g.:

sudo /Users/drduh/homebrew/opt/dnsmasq/sbin/dnsmasq --keep-in-foreground -C /Users/drduh/homebrew/etc/dnsmasq.conf

from macos-security-and-privacy-guide.

defaults read /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist

{
    KeepAlive = 1;
    Label = "homebrew.mxcl.dnsmasq";
    ProgramArguments =     (
        "/usr/local/opt/dnsmasq/sbin/dnsmasq",
        "--keep-in-foreground",
        "-C",
        "/usr/local/etc/dnsmasq.conf"
    );
    RunAtLoad = 1;
}

sudo /Users/drduh/homebrew/opt/dnsmasq/sbin/dnsmasq --keep-in-foreground -C /Users/drduh/homebrew/etc/dnsmasq.conf:

sudo: /Users/drduh/homebrew/opt/dnsmasq/sbin/dnsmasq: command not found

from macos-security-and-privacy-guide.

Sorry, you'll have to run that as, sudo /usr/local/opt/dnsmasq/sbin/dnsmasq --keep-in-foreground -C /usr/local/etc/dnsmasq.conf since you have it installed in a different location. Let me know if you get any output from that.

from macos-security-and-privacy-guide.

No output from that but something seems to be running.

from macos-security-and-privacy-guide.

Great, so now in another Terminal window you should be able to check lsof and dig output. Maybe you forgot to load the launch daemon previously? sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ought to do it. Let me know how that works out.

from macos-security-and-privacy-guide.

sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist said the service was already loaded.

This is the output from lsof:

COMMAND   PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
dnsmasq 31066 nobody    4u  IPv4 0x6e71819a5557e477      0t0  UDP 153.90.44.135:domain
dnsmasq 31066 nobody    5u  IPv4 0x6e71819a568c8bb7      0t0  TCP 153.90.44.135:domain (LISTEN)
dnsmasq 31066 nobody    6u  IPv4 0x6e71819a5557dfa7      0t0  UDP 127.0.0.1:domain
dnsmasq 31066 nobody    7u  IPv4 0x6e71819a567f1117      0t0  TCP 127.0.0.1:domain (LISTEN)
dnsmasq 31066 nobody    8u  IPv6 0x6e71819a4f5e4c67      0t0  UDP [fe80:7::e026:fdff:feb0:7f89]:domain
dnsmasq 31066 nobody    9u  IPv6 0x6e71819a596d2f77      0t0  TCP [fe80:7::e026:fdff:feb0:7f89]:domain (LISTEN)
dnsmasq 31066 nobody   10u  IPv6 0x6e71819a58a74ad7      0t0  UDP [fe80:4::8638:35ff:fe56:89ea]:domain
dnsmasq 31066 nobody   11u  IPv6 0x6e71819a4bf00f77      0t0  TCP [fe80:4::8638:35ff:fe56:89ea]:domain (LISTEN)
dnsmasq 31066 nobody   12u  IPv6 0x6e71819a54eff117      0t0  UDP [fe80:1::1]:domain
dnsmasq 31066 nobody   13u  IPv6 0x6e71819a4bf00a37      0t0  TCP [fe80:1::1]:domain (LISTEN)
dnsmasq 31066 nobody   14u  IPv6 0x6e71819a55c3486f      0t0  UDP [::1]:domain
dnsmasq 31066 nobody   15u  IPv6 0x6e71819a4bf49f77      0t0  TCP [::1]:domain (LISTEN)

This is the output from dig:

; <<>> DiG 9.8.3-P1 <<>> a google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47290
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     121 IN  A   173.194.33.129
google.com.     121 IN  A   173.194.33.137
google.com.     121 IN  A   173.194.33.133
google.com.     121 IN  A   173.194.33.142
google.com.     121 IN  A   173.194.33.128
google.com.     121 IN  A   173.194.33.130
google.com.     121 IN  A   173.194.33.131
google.com.     121 IN  A   173.194.33.135
google.com.     121 IN  A   173.194.33.134
google.com.     121 IN  A   173.194.33.132
google.com.     121 IN  A   173.194.33.136

;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 30 11:53:49 2015
;; MSG SIZE  rcvd: 204

from macos-security-and-privacy-guide.

Great, it looks like everything's loaded and working now. Can you try setting your DNS server to 127.0.0.1 again and see if your other programs work in resolving domain names?

from macos-security-and-privacy-guide.

I just tried setting my DNS server to 127.0.0.1 but nothing loads up in my web browser.

from macos-security-and-privacy-guide.

Even though the dig and lsof commands both return results? Strange stuff. I'm not quite sure what to make of that, then.

from macos-security-and-privacy-guide.

I reinstalled dnsmasq and followed the steps again. It worked fine this time. I don't know why that is! Thank you for your help!

from macos-security-and-privacy-guide.