[Dnsmasq-discuss] Locking Down DNS Queries to Correct Servers

Ben Cundiff bcundiff at xes-inc.com
Tue Jul 29 17:11:13 BST 2014


Hi, 
We have two DHCP/DNS servers running Ubuntu 12.04 and dnsmasq-server 2.590-4ubuntu0.1. The other day, we had a user set up a Windows Server 2012 computer on our development network for testing. This user chose to set up his Windows server as DC, DHCP server, DNS server, and more, for a new domain that he gave the same name as our production domain (let's say both domains are named "example.com"). One of our servers, while still using a DHCP lease from our legitimate DHCP servers, somehow began using the Windows server for DNS queries for hosts on the example.com domain, though our server network and the development network are on separate VLANs and in different broadcast domains. Is there something in our servers' dnsmasq.conf that would have allowed any of our DHCP servers to forward requests to the unauthorized servers? 
Here's what dnsmasq.conf looks like on our primary DHCP server. We've set it up so that the three DCs handle all DNS queries for example.com 
server=//
server=/example.com/###.###.###.1
server=/example.com/###.###.###.2
server=/example.com/###.###.###.3
local-ttl=1
localise-queries
all-servers
rebind-localhost-ok
stop-dns-rebind
dns-forward-max=5000
cache-size=10000
rebind-domain-ok=/example.com/ 

Thanks, 


Ben Cundiff 
Associate Sysadmin 
X-ES Inc. 
bcundiff at xes-inc.com 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140729/c15c9e69/attachment.html>


More information about the Dnsmasq-discuss mailing list