Croll

Reputation: 3791

Why do I see DST="127.0.0.53" on -j REDIRECTed packets?

I am confused about a situation in my NATed network. I start dnsmasq on the router with listen-address=192.168.100.1 and the -p 5353 option for the DNS port. Afterwards, I add an iptables rule for hosts inside that network:

iptables -t nat -I PREROUTING -s 192.168.100.0/24 \
    -d 192.168.100.1 -p udp --dport 53 -j REDIRECT --to-ports 5353

But this didn't work the first time, since my INPUT policy is DROP: when I add this rule, everything starts to work:

iptables -I INPUT -p udp --dport 53 -d 127.0.0.53 -j ACCEPT

I discovered this address with the help of -j LOG on my INPUT chain, where I saw packets dropped like SRC=127.0.0.1 DST=127.0.0.53 ... when a NATed host is trying to resolve a hostname.

As I am writing an automated script that generates correct netfilter rules for this situation, I need to know where this 127.0.0.53 could come from.

I see the same address in /etc/resolv.conf. But I don't understand who is routing this packet to this address when it is "redirected", if I am even close to understanding what happens.

Upvotes: 0

Views: 1224

Answers (1)

Timmy Browne

Reputation: 125

systemd-resolved sets up a stub listener for DNS requests locally on 127.0.0.53:53.

Try disabling it to proceed: sudo systemctl disable systemd-resolved

Upvotes: 1
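An added example, not code from the question or the answer, showing how a rule-generating script like the one the asker describes can derive the missing INPUT rule from the kernel's LOG lines instead of hard-coding 127.0.0.53, and can confirm that a logged destination is the loopback stub resolver listed in /etc/resolv.conf. The LOG lines and resolv.conf content are constructed for this example, and the function names (dropped_dests, stub_nameserver, accept_rules, explain_dest) are my own; the script is POSIX sh plus awk.

```shell
#!/bin/sh
# Added example, not from the question or answer. Derives the INPUT ACCEPT
# rule from iptables LOG output rather than hard-coding 127.0.0.53, and checks
# whether a logged destination is the local stub resolver from resolv.conf.
# All input below is constructed; function names are hypothetical.

# Constructed kernel LOG lines in the format the asker saw on the INPUT chain:
# two UDP queries to the stub (same destination, different source ports) and
# one ICMP echo that carries no DPT field.
SAMPLE_LOG='kernel: INPUT-DROP IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=UDP SPT=41000 DPT=53 LEN=40
kernel: INPUT-DROP IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=UDP SPT=41001 DPT=53 LEN=40
kernel: INPUT-DROP IN=eth1 OUT= SRC=192.168.100.20 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=ICMP TYPE=8 CODE=0'

# Constructed /etc/resolv.conf content of the kind systemd-resolved writes.
SAMPLE_RESOLV='nameserver 127.0.0.53
options edns0 trust-ad
search lan'

# dropped_dests LOG: print one "iface proto dst dport" line per distinct
# dropped UDP/TCP destination. Lines without a DPT (e.g. ICMP) are skipped.
dropped_dests() {
  printf '%s\n' "$1" | awk '{
    iface = ""; proto = ""; dst = ""; dpt = ""
    for (i = 1; i <= NF; i++) {
      if      ($i ~ /^IN=/)    iface = substr($i, 4)
      else if ($i ~ /^PROTO=/) proto = substr($i, 7)
      else if ($i ~ /^DST=/)   dst   = substr($i, 5)
      else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
    }
    if (iface != "" && dst != "" && dpt != "" && (proto == "UDP" || proto == "TCP"))
      print iface, tolower(proto), dst, dpt
  }' | sort -u
}

# stub_nameserver RESOLV: first loopback nameserver in resolv.conf content;
# empty output means no local stub listener is configured there.
stub_nameserver() {
  printf '%s\n' "$1" | awk '$1 == "nameserver" && $2 ~ /^127\./ { print $2; exit }'
}

# accept_rules LOG: one INPUT rule per dropped destination, bound to the
# ingress interface so a loopback-only listener is not opened to the LAN.
accept_rules() {
  dropped_dests "$1" | while read -r iface proto dst dpt; do
    printf 'iptables -I INPUT -i %s -p %s --dport %s -d %s -j ACCEPT\n' \
      "$iface" "$proto" "$dpt" "$dst"
  done
}

# explain_dest DST RESOLV: "stub-resolver" if DST is the loopback nameserver
# from resolv.conf, "other" otherwise.
explain_dest() {
  stub=$(stub_nameserver "$2")
  if [ -n "$stub" ] && [ "$1" = "$stub" ]; then
    echo stub-resolver
  else
    echo other
  fi
}

# Stand-alone run: show what the script would generate for the sample input.
accept_rules "$SAMPLE_LOG"
dropped_dests "$SAMPLE_LOG" | while read -r _ _ dst _; do
  echo "# $dst: $(explain_dest "$dst" "$SAMPLE_RESOLV")"
done
```

The generated rule differs from the asker's hand-written one only in the added -i lo: the stub listener lives on loopback, so binding the ACCEPT to that interface keeps the rule from admitting port 53 traffic arriving on the LAN interface. The explain_dest check is what lets the script tell a stub-resolver destination apart from an upstream server, which is the distinction the asker was missing.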
