Dnsmasq options (listen_address / bind_interfaces) neglected

Turris Omnia - rtrom01
Turris OS 3.9.6
Kernel 4.4.119-082ea0f4a4e204b99821bedcb349ed54-0
Firmware OpenWrt omnia 15.05 r47055 / LuCI 49c3edd5861fd032fa8379ceda525c27a908a114 branch (git-17.212.24321-49c3edd)
dnsmasq-full 2.78-2

/etc/config/dhcp
  config dnsmasq
    option listen_address '127.0.0.1'
    option bind_interfaces '1'

Those options appear to be entirely neglected since dnsmasq continues to bind only the wildcard address after having dnsmasq/resolver restarted.

Well, by default it doesn’t bind at all, I believe. The actually used resolvers do bind (only) on the wildcard address as well, and filtering is done at firewall level (DNS from WAN). EDIT: https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/20

That is probably by default but it can be specified in

/etc/config/resolver
  config resolver 'common'
    list interface

At least it works for unbound that way.

My point was not the worry of an open resolver (the dnsmasq port is closed on the wan fw zone anyway) but rather that those valid dnsmasq options are neglected.

Potential workaround (as on display in LuCI -> Network -> DHCP and DNS) of this issue/bug

/etc/config/dhcp
  config dnsmasq
    option nonwildcard '1'
    list interface 'lan'