Dnsmasq Isn’t Responding to All Queries

If you have a Dnsmasq server that isn’t responding to all DNS queries, it’s likely your distro (or you) set the local-service option. I assume this is to prevent servers from contributing to a DDoS attack or leaking network information; however, this setting is very restrictive and limits responses to the local subnet(s).

If you have a network with a few different subnets, you’ll need to disable this option. Please ensure your firewall is appropriately configured before proceeding.

local-service may be specified in the /etc/dnsmasq.conf file or as a command-line parameter when Dnsmasq is started. On Debian, the command-line parameter is added when Dnsmasq is started by /etc/init.d/dnsmasq.

The simple solution is to add

interface=*

to /etc/dnsmasq.conf, because the interface, except-interface, listen-address, and auth-server options all cause local-service to not have an effect.
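
An added example (not from the original post): a shell check that reports whether local-service is actually in effect, given a config file and the command line Dnsmasq was started with, so the change can be confirmed before and after editing. It assumes options appear in long form or as the short forms -i, -I, or -a, and it does not follow conf-file or conf-dir includes; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# local_service_state CONF_FILE [CMDLINE]  ->  prints active | overridden | unset
local_service_state() {
    conf=$1
    cmdline=${2:-}
    opts=$(
        set -f  # no globbing while splitting the command line (subshell only)
        # Config file: strip comments and whitespace, keep the name before "=".
        if [ -r "$conf" ]; then
            sed -e 's/#.*//' -e 's/=.*//' -e 's/^[[:space:]]*//' \
                -e 's/[[:space:]]*$//' -e '/^$/d' "$conf"
        fi
        # Command line: long options plus the short forms -i, -I and -a.
        for word in $cmdline; do
            case $word in
                --*) word=${word#--}; printf '%s\n' "${word%%=*}" ;;
                -i*) echo interface ;;
                -I*) echo except-interface ;;
                -a*) echo listen-address ;;
            esac
        done
    )
    if ! printf '%s\n' "$opts" | grep -qx -e 'local-service'; then
        echo unset
    elif printf '%s\n' "$opts" | grep -qx -e interface \
            -e except-interface -e listen-address -e auth-server; then
        echo overridden   # one of the four options disables the restriction
    else
        echo active       # queries from non-local subnets are refused
    fi
}

# Constructed sample: local-service passed on the command line (as the post
# describes for Debian), checked before and after adding interface=*.
demo_local_service() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample config' 'domain-needed' > "$tmp"
    local_service_state "$tmp" '--local-service'
    printf '%s\n' 'interface=*' >> "$tmp"
    local_service_state "$tmp" '--local-service'
    rm -f "$tmp"
}

demo_local_service
```

A result of overridden means Dnsmasq will answer queries from any subnet that can reach it, so the firewall is then the only control limiting who can query the server.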