[Bug 1306646] [NEW] Prevent open recursive DNS server with dnsmasq
Jeroen van der Ham
ubuntu at dckd.nl
Fri Apr 11 14:33:59 UTC 2014
Public bug reported:
The default configuration of dnsmasq creates an open recursive name
server, meaning that from anywhere on the Internet a request can be sent
to dnsmasq. This is problematic as UDP packets can be spoofed and DNS
has a high amplification factor, which makes it a ready tool for DDoS
attacks.
The latest release of dnsmasq (v2.69) includes the option "--local-service",
which restricts the recursive answers to the local subnet.
Please make this option default for regular installs.
** Affects: dnsmasq (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1306646
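Added example (not part of the original bug report and not dnsmasq code): a Python check that classifies a dnsmasq configuration by how widely it will answer DNS queries, for auditing hosts for the open-resolver condition described in the report. The function names and sample configurations are constructed for illustration; the rule that local-service has no effect once interface, except-interface, listen-address or auth-server is set comes from the dnsmasq man page, and files pulled in through conf-file or conf-dir are assumed to have been concatenated by the caller.

```python
# Added example: classify the DNS exposure of a dnsmasq configuration.
# Option names are real dnsmasq options; the sample configs are constructed.

# Per the dnsmasq man page, local-service only has effect when none of
# these options is present.
OVERRIDES = {"interface", "except-interface", "listen-address", "auth-server"}


def parse_options(conf_text):
    """Return {option: [values]} from dnsmasq.conf-style text."""
    opts = {}
    for raw in conf_text.splitlines():
        # Simplified comment handling: everything after '#' is dropped.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def classify(conf_text):
    """Return one of four exposure classes for the given configuration."""
    opts = parse_options(conf_text)
    if "0" in opts.get("port", []):
        return "dns-disabled"            # port=0 turns the DNS function off
    if OVERRIDES & opts.keys():
        return "explicit-binding"        # local-service ignored; review bindings
    if "local-service" in opts:
        return "local-subnets-only"      # the behaviour the report asks for
    return "answers-any-source"          # open resolver unless firewalled


# Constructed sample configurations.
SAMPLES = {
    "no restriction": "domain-needed\nbogus-priv\ncache-size=150\n",
    "local-service": "# restricted default\nlocal-service\n",
    "interface set": "local-service\ninterface=eth0\nbind-interfaces\n",
    "dns off": "port=0\ndhcp-range=192.0.2.10,192.0.2.50,12h\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:15} -> {classify(text)}")
```

A result of "answers-any-source" means the configuration places no restriction on who may query; whether the host is reachable from the Internet still depends on its firewall and addressing.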