[Dnsmasq-discuss] Update on DNS spoofing hole.
Simon Kelley
simon at thekelleys.org.uk
Tue Jul 15 19:54:47 BST 2008
Dnsmasq users:

There has been some confusion about the exact nature of the
newly-discovered DNS hole, and if dnsmasq is affected. I just talked to
Dan Kaminsky and can confirm that dnsmasq is potentially vulnerable. All
users should therefore upgrade. Ensure that the --query-port option
(which will disable query-port randomisation) is _not_ used except on
tightly-controlled networks.

Also note that version 2.43, which was rushed out to fix this hole, has
a crash bug in unrelated DHCP code. This is only triggered in rare
circumstances. Distribution authors may like to wait for version 2.44,
due next week, which fixes this problem.

Cheers,
Simon.
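
Added example (not part of the original message and not dnsmasq project code): a small audit helper that flags any place where the --query-port option mentioned above is set, either in a configuration file or on a command line. The config-file spelling query-port=<port> and the short form -Q are assumed from the dnsmasq man page; the sample configuration and command line are constructed.

```python
import re
import shlex

# In dnsmasq.conf the long option is written without "--": query-port=<port>.
# Lines starting with '#' are comments and never match.
CONF_RE = re.compile(r"^\s*query-port\s*=\s*(\S+)")

# Constructed sample inputs (not taken from any real system).
SAMPLE_CONF = """\
# constructed sample configuration
domain-needed
#query-port=53
query-port=5353
server=192.0.2.1
"""
SAMPLE_CMDLINE = "/usr/sbin/dnsmasq -k --conf-file=/etc/dnsmasq.conf -Q 53"

def conf_findings(conf_text, source="dnsmasq.conf"):
    """Return (source, line_number, value) for every active query-port line."""
    found = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = CONF_RE.match(line)
        if m:
            found.append((source, line_no, m.group(1)))
    return found

def cmdline_findings(command_line):
    """Return ("cmdline", arg_index, value) for --query-port / -Q arguments."""
    args = shlex.split(command_line)
    found = []
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else None
        if arg.startswith("--query-port="):
            found.append(("cmdline", i, arg.split("=", 1)[1]))
        elif arg in ("--query-port", "-Q"):      # value is the next argument
            found.append(("cmdline", i, nxt))
        elif arg.startswith("-Q"):               # attached form, e.g. -Q5353
            found.append(("cmdline", i, arg[2:]))
    return found

if __name__ == "__main__":
    for src, where, value in conf_findings(SAMPLE_CONF) + cmdline_findings(SAMPLE_CMDLINE):
        print(f"{src}:{where}: query-port set to {value}; "
              "query-port randomisation is disabled")
```

To audit a real host, pass the contents of the configuration files in use and the dnsmasq command line from the process list or init script.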