[Dnsmasq-discuss] Interface-only binding not properly
richardvoigt at gmail.com
Fri Jun 4 19:41:14 BST 2010
I assume you're referring to the fact that dnsmasq bound to the
wildcard address for dhcp service? This is necessary to receive
incoming dhcp broadcasts such as the initial DHCPREQUEST packet, when
the client doesn't yet know the address of the dhcp server. Perhaps
dnsmasq could also bind to individual addresses to prevent another
process from binding a more specific address and stealing datagrams...
Simon will probably join in momentarily and explain why it's designed
this way.

But modern security-conscious OSes usually prevent this scenario. See
SO_EXCLUSIVEADDRUSE in the MSDN documentation, which behavior is
apparently default on the platforms dnsmasq runs on.

On Fri, Jun 4, 2010 at 12:53 PM, Felix Nawothnig
<felix.nawothnig at googlemail.com> wrote:
> Hey.
>
> I'm running...
>
> Dnsmasq version 2.52 Copyright (c) 2000-2010 Simon Kelley
> Compile time options IPv6 GNU-getopt DBus I18N DHCP TFTP
>
> on Ubuntu Lucid (Package version 2.52-1).
>
> My configuration looks like this:
>
> interface=eth0
> interface=lo
> bind-interfaces
>
> But netstat tells me:
>
> tcp 0 0 localhost:domain *:* LISTEN 2238/dnsmasq
> tcp 0 0 jacob:domain *:* LISTEN 2238/dnsmasq
> tcp6 0 0 localhost:domain [::]:* LISTEN 2238/dnsmasq
> tcp6 0 0 jacob:domain [::]:* LISTEN 2238/dnsmasq
> udp 0 0 localhost:domain *:* 2238/dnsmasq
> udp 0 0 jacob:domain *:* 2238/dnsmasq
> udp 0 0 *:bootps *:* 2238/dnsmasq
> ^^^^^^^^
>
> udp6 0 0 localhost:domain [::]:* 2238/dnsmasq
> udp6 0 0 jacob:domain [::]:* 2238/dnsmasq
>
> I doubt there is a real vulnerability there, but I'm kinda paranoid
> these days. Fried a dedicated server due to a rootkit just a couple of
> days ago. :-)
>
> Cheers,
>
> Felix
>
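
An added example, not part of either message and not dnsmasq code: a small audit that parses netstat rows like the ones quoted above and separates wildcard binds that the reply explains as expected (the DHCP server port) from any others. The function names and the expected-port set are assumptions made for this illustration.

```python
import re

# Constructed sample: the netstat rows quoted in the message above, "> " removed.
SAMPLE = """\
tcp 0 0 localhost:domain *:* LISTEN 2238/dnsmasq
tcp 0 0 jacob:domain *:* LISTEN 2238/dnsmasq
tcp6 0 0 localhost:domain [::]:* LISTEN 2238/dnsmasq
tcp6 0 0 jacob:domain [::]:* LISTEN 2238/dnsmasq
udp 0 0 localhost:domain *:* 2238/dnsmasq
udp 0 0 jacob:domain *:* 2238/dnsmasq
udp 0 0 *:bootps *:* 2238/dnsmasq
udp6 0 0 localhost:domain [::]:* 2238/dnsmasq
udp6 0 0 jacob:domain [::]:* 2238/dnsmasq
"""

WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}
# Assumption: only the DHCP server port is expected on the wildcard address,
# following the explanation in the reply (broadcasts from unconfigured clients).
EXPECTED_WILDCARD_PORTS = {"bootps", "67"}

def parse_netstat(text):
    """Yield (proto, host, port, program) for each tcp/udp row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not re.fullmatch(r"(tcp|udp)6?", fields[0]):
            continue  # headers, blank lines, the "^^^^" marker
        # Split on the last colon so numeric IPv6 such as ":::53" still works.
        host, _, port = fields[3].rpartition(":")
        # PID/Program is the last column; TCP rows have a State column before it.
        program = fields[-1].partition("/")[2]
        yield fields[0], host, port, program

def audit_wildcard_binds(text, program="dnsmasq"):
    """Return (expected, unexpected) wildcard-bound sockets for one program."""
    expected, unexpected = [], []
    for proto, host, port, prog in parse_netstat(text):
        if prog != program or host not in WILDCARD_HOSTS:
            continue
        bucket = expected if port in EXPECTED_WILDCARD_PORTS else unexpected
        bucket.append(f"{proto} {host}:{port}")
    return expected, unexpected

if __name__ == "__main__":
    ok, bad = audit_wildcard_binds(SAMPLE)
    print("expected wildcard binds:", ok)
    print("unexpected wildcard binds:", bad)
```

On the quoted output the only wildcard bind is the UDP bootps socket; with `bind-interfaces` set, any DNS socket landing in the unexpected list would be the thing to investigate.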