[Dnsmasq-discuss] DNSMasq and DNS reflection attacks

Vladislav Grishenko themiron at mail.ru
Fri Oct 25 20:35:02 BST 2013


> From: Simon Kelley
> Sent: Friday, October 25, 2013 4:15 PM
>
> On 24/10/13 23:41, Vladislav Grishenko wrote:
> >> From: Simon Kelley
> >> Sent: Thursday, October 24, 2013 11:00 PM
> >>
> >> So, don't use --bind-interfaces. If you're on Linux, you can use
> >> --bind-dynamic instead if you're running multiple dnsmasq instances.
> >>
> >
> > So, on linux --bind-interfaces can be just an alias of --bind-dynamic,
> > with no --bind-interfaces code and no warnings, less binary size, more
> > security.
> 
> There's practically no code that could be removed with --bind-interfaces,
> --bind-dynamic is pretty much bind-interfaces plus the code to determine
> arrival interface which is disabled or missing with bind interfaces plus
> some new code to notice new addresses arriving.
> 
> If it could be supported everywhere, I'd just have extended bind-interfaces
> to work in the way that the new bind-dynamic mode does, but I don't want
> to have one mode which behaves subtly differently on different platforms.
> By giving the new mode a new option, I can raise an error when it's not
> available.

I see, wasn't aware it can't be supported on BSD. Makes sense then, thanks
for pointing out.

Best Regards, Vladislav Grishenko




