[Dnsmasq-discuss] Restrict dhcpd listening interfaces.
Mark Wu
wudxw at linux.vnet.ibm.com
Tue Mar 27 15:18:09 BST 2012
Hi Simon,

It seems that dnsmasq always listens on wildcard network interfaces for
dhcp services even with the option "--interface" or "--listen-address"
specified. And you gave the following explanation for that:

> Because a DHCP server has to cope with "strange" packets from
> unconfigured and half-configured clients, it's not possible always to
> bind the DHCP listening socket to an IP address.

It's copied from:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/307328/comments/1

Could you please elaborate more about the "strange" packets?

Actually, the listening interface is configurable in the command line
of the dhcpd daemon (http://www.isc.org/software/dhcp). I think it could
help avoid security risk and/or data privacy breach. Especially, when
dnsmasq is used by libvirt, it doesn't make sense that dnsmasq listens
on any physical network interface. So do you think we could make the
options "--listen-address" and "--interface" apply to the dhcp service too,
like the dns service in dnsmasq?

Thanks!
Mark.
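
A check for the binding behaviour raised in this message, as an added example that is not part of the original post and is not dnsmasq code: it parses `ss -H -ulnp` output and reports whether each DHCP server socket (UDP 67 and 547) is wildcard-bound, pinned to a device, or bound to an address. The function names and the embedded sample lines are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -ulnp` output (illustrative, not from a real host).
SAMPLE_SS = """\
UNCONN 0 0 0.0.0.0:67 0.0.0.0:* users:(("dnsmasq",pid=1201,fd=4))
UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:* users:(("dnsmasq",pid=1340,fd=3))
UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1340,fd=5))
UNCONN 0 0 [::]:547 [::]:* users:(("dnsmasq",pid=1201,fd=9))
"""

DHCP_PORTS = {67, 547}            # DHCPv4 and DHCPv6 server ports
WILDCARDS = {"0.0.0.0", "*", "::"}
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def parse_local(field):
    """Split ss's 'addr[%dev]:port' local-address field into its parts."""
    host, _, port = field.rpartition(":")
    addr, _, dev = host.partition("%")
    return addr.strip("[]"), dev or None, int(port)

def audit_dhcp_listeners(ss_output):
    """Return (process, port, scope, detail) for every DHCP server socket."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        try:
            addr, dev, port = parse_local(cols[3])
        except ValueError:            # header or unparsable line
            continue
        if port not in DHCP_PORTS:
            continue
        proc = PROC_RE.search(line)
        name = proc.group(1) if proc else "?"
        if dev:                       # socket is bound to one device
            scope, detail = "device", dev
        elif addr in WILDCARDS:       # reachable on every interface
            scope, detail = "wildcard", addr
        else:
            scope, detail = "address", addr
        findings.append((name, port, scope, detail))
    return findings

if __name__ == "__main__":
    for name, port, scope, detail in audit_dhcp_listeners(SAMPLE_SS):
        flag = "REVIEW" if scope == "wildcard" else "ok"
        print(f"{flag:6} {name} udp/{port} bound to {scope} {detail}")
```

A wildcard result describes only the socket binding; whether the daemon then filters packets by receiving interface is a separate question.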