[Dnsmasq-discuss] DNS query random ports
Petr Menšík
pemensik at redhat.com
Fri Aug 10 13:37:32 BST 2018
Hello,

we discovered our dnsmasq was also using privileged source ports when
sending queries. Interestingly enough, it has the right to do it, because
it also has to listen on a privileged port. It never drops such privilege.

It was fixed in commit [1]. But my question is, why is there even a custom
generator of random ports, when the OS can do it itself? And usually far
better? So I dug a bit into it and came up with a patch that would use
random ports from the OS by default.

When I tested it, I got the same results when skipping the bind() call on
random ports altogether. Is there some reason why dnsmasq does not follow
the OS policy for the outgoing source port and chooses its own range by
itself?

[1] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=baf553db0cdb50707ddab464fb3eff7786ea576c
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com PGP: 65C6C973
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-OS-random-ports-by-default.patch
Type: text/x-patch
Size: 2965 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180810/eb242d29/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Simplify-random-ports-generator.patch
Type: text/x-patch
Size: 1931 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180810/eb242d29/attachment-0001.bin>
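
The two ways of leaving the query source port to the OS that the message compares, bind() to port 0 and no bind() at all, as an added example (not part of the original message and not dnsmasq code). The function names and the loopback upstream address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the UDP source port the kernel picks (host order), or -1 on error.
   explicit_bind != 0: bind() to port 0; otherwise connect() binds implicitly. */
int os_chosen_port(int explicit_bind)
{
  struct sockaddr_in addr = {0};     /* zeroed: INADDR_ANY, port 0 */
  socklen_t len = sizeof(addr);
  int ok, port = -1;
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  if (fd < 0) return -1;
  addr.sin_family = AF_INET;
  if (explicit_bind) {
    addr.sin_port = 0;               /* port 0: the OS chooses */
    ok = bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0;
  } else {
    /* Constructed upstream (loopback:53); UDP connect() sends no packet. */
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(53);
    ok = connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0;
  }
  if (ok && getsockname(fd, (struct sockaddr *)&addr, &len) == 0)
    port = ntohs(addr.sin_port);
  close(fd);
  return port;
}

/* How many of n kernel-chosen ports are privileged (< 1024); -1 on error. */
int count_privileged(int n, int explicit_bind)
{
  int i, bad = 0;
  for (i = 0; i < n; i++) {
    int p = os_chosen_port(explicit_bind);
    if (p < 0) return -1;
    if (p < 1024) bad++;
  }
  return bad;
}

int main(void)
{
  printf("privileged: bind(0)=%d no-bind=%d\n", count_privileged(200, 1), count_privileged(200, 0));
  return 0;
}
```

On Linux the range both paths draw from is set by net.ipv4.ip_local_port_range.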