[Dnsmasq-discuss] Update on DNS spoofing hole.

Simon Kelley simon at thekelleys.org.uk
Tue Jul 15 19:54:47 BST 2008


Dnsmasq users:

There has been some confusion about the exact nature of the 
newly-discovered DNS hole, and if dnsmasq is affected. I just talked to 
Dan Kaminsky and can confirm that dnsmasq is potentially vulnerable. All 
users should therefore upgrade. Ensure that the --query-port option 
(which will disable query-port randomisation) is _not_ used except on 
tightly-controlled networks.

Also note that version 2.43, which was rushed out to fix this hole, has 
a crash bug in unrelated DHCP code. This is only triggered in rare 
circumstances. Distribution authors may like to wait for version 2.44, 
due next week, which fixes this problem.

Cheers,

Simon.
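
An added example, not part of the original post and not dnsmasq project code: a small shell check for the setting the message warns about. It assumes the option appears as `query-port=` in a configuration file or as `--query-port` on the command line; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag dnsmasq settings that fix the upstream query port,
# which the message above says disables query-port randomisation.

# find_fixed_query_port FILE...
# Prints "file:line: setting" for each active query-port line.
# Returns 0 if at least one was found, 1 if none.
find_fixed_query_port() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                 # ignore comments
            gsub(/^[ \t]+|[ \t]+$/, "", line)    # trim surrounding blanks
        }
        line ~ /^query-port[ \t]*=/ {
            printf "%s:%d: %s\n", FILENAME, FNR, line
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$@"
}

# args_fix_query_port ARG...
# Returns 0 if a dnsmasq argument list contains --query-port.
args_fix_query_port() {
    for arg in "$@"; do
        case "$arg" in
            --query-port|--query-port=*) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# constructed sample config
domain-needed
#query-port=53
query-port=5353   # pinned to suit a firewall rule
server=192.0.2.1
query-port=0
EOF
}
```

Source the file and call `find_fixed_query_port` with the configuration files in use on the host; any line it prints should be removed unless the network is tightly controlled, as the message says.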




