[Dnsmasq-discuss] Locking Down DNS Queries to Correct Servers
Ben Cundiff
bcundiff at xes-inc.com
Fri Aug 1 19:31:11 BST 2014
Thanks for the reply. To clarify, would the no-resolv option prevent the server running dnsmasq from referencing its own /etc/resolv.conf, or would that also affect the behavior of clients?
I don't think it's possible the rogue DHCP server provided any of our other servers with a DHCP lease: none of our servers with dnsmasq have the isc-dhcp-client package installed, and the Windows server was set up on a separate VLAN from any of our servers. Would there be another way that the unauthorized DHCP/DNS server could have answered queries for our domain?
Thanks again,
Ben Cundiff
Associate Sysadmin
X-ES Inc.
bcundiff at xes-inc.com
----- Original Message -----
From: "Simon Kelley" <simon at thekelleys.org.uk>
To: dnsmasq-discuss at thekelleys.org.uk
Sent: Wednesday, July 30, 2014 4:30:15 PM
Subject: Re: [Dnsmasq-discuss] Locking Down DNS Queries to Correct Servers
Your config doesn't include
no-resolv
so dnsmasq will be reading /etc/resolv.conf looking for servers there,
as well as the ones you've defined. If a DHCP client on the machine got
a DHCP lease from the rogue server, it could have put the DNS server
address from that DHCP lease in /etc/resolv.conf. That would get queries
NOT in *.example.com sent to the rogue server.
Cheers,
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
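An added example, not part of the original thread or of dnsmasq itself: a small audit of the behaviour Simon describes, reporting which upstream servers a dnsmasq instance would inherit from resolv.conf when no-resolv is absent. The function names, the sample configuration, the addresses and the approved-server list are all constructed for illustration; only the no-resolv, resolv-file and server options are parsed, and include directives are not followed.

```python
import re

def parse_dnsmasq(conf_text):
    """Return (no_resolv, resolv_file, servers) from dnsmasq.conf text."""
    no_resolv, resolv_file, servers = False, "/etc/resolv.conf", []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "no-resolv":
            no_resolv = True
        elif key == "resolv-file":
            resolv_file = value
        elif key == "server":
            # server=/example.com/192.0.2.10 is domain-scoped,
            # server=192.0.2.10 applies to every other query.
            m = re.fullmatch(r"/(.+)/([^/]*)", value)
            servers.append((m.group(1), m.group(2)) if m else (None, value))
    return no_resolv, resolv_file, servers

def resolv_nameservers(resolv_text):
    """Extract nameserver addresses from resolv.conf text."""
    parts = (l.split() for l in resolv_text.splitlines())
    return [p[1] for p in parts if len(p) >= 2 and p[0] == "nameserver"]

def audit(conf_text, resolv_text, approved):
    """Report upstreams dnsmasq would use that are not on the approved list."""
    no_resolv, resolv_file, servers = parse_dnsmasq(conf_text)
    configured = [ip for _, ip in servers if ip]
    # Without no-resolv, whatever is in resolv.conf is used as well.
    inherited = [] if no_resolv else resolv_nameservers(resolv_text)
    unapproved = sorted({ip for ip in configured + inherited
                         if ip not in approved})
    return {"no_resolv": no_resolv, "resolv_file": resolv_file,
            "inherited": inherited, "unapproved": unapproved}

# Constructed sample input (documentation address ranges).
WEAK_CONF = "server=/example.com/192.0.2.10\n"           # no no-resolv
LOCKED_CONF = "no-resolv\nserver=/example.com/192.0.2.10\nserver=192.0.2.10\n"
RESOLV = "# written by a DHCP client\nnameserver 198.51.100.66\n"
APPROVED = {"192.0.2.10"}

if __name__ == "__main__":
    print(audit(WEAK_CONF, RESOLV, APPROVED))
    print(audit(LOCKED_CONF, RESOLV, APPROVED))
```

With the constructed input, the first configuration inherits 198.51.100.66 for every query outside example.com, while the second ignores resolv.conf entirely.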