[Dnsmasq-discuss] DNSMasq and DNS reflection attacks
Brian Rak
brak at gameservers.com
Thu Oct 24 17:03:57 BST 2013
We've recently undertaken a project to clean up our network, and lock
down all the open DNS resolvers. As you may know, these are very
frequently used for DDOS attacks: http://openresolverproject.org/ ,
http://www.team-cymru.org/Services/Resolvers/ .
I haven't been able to find any sort of configuration option that would
prevent DNSMasq from being abused like this, and I've had to resort to
iptables rules instead. Is there a configuration option that that would
disable responding to DNS queries from certain interfaces? The other
option that seems handy would be one to only reply to DNS queries from
hosts that have a configured DHCP lease.
Are there any features of DNSMasq that would prevent it from being
abused to conduct attacks?
More information about the Dnsmasq-discuss
mailing list