[Bug 1306646] [NEW] Prevent open recursive DNS server with dnsmasq

Jeroen van der Ham ubuntu at dckd.nl
Fri Apr 11 14:33:59 UTC 2014


Public bug reported:

The default configuration of dnsmasq creates an open recursive name
server, meaning that from anywhere on the Internet a request can be sent
to dnsmasq. This is problematic as UDP packets can be spoofed and DNS
has a high amplification factor, which makes it a ready tool for DDoS
attacks.

The latest release of dnsmasq (v2.69) includes the option
"--local-service", which restricts the recursive answers to the local
subnet. Please make this option default for regular installs.

** Affects: dnsmasq (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1306646


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1306646/+subscriptions
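
Added example (not part of the original bug report and not dnsmasq's own code): a small audit of dnsmasq.conf-style text that reports whether the "--local-service" restriction requested above is in effect. It assumes the dnsmasq man page behaviour that local-service is ignored once interface, except-interface, listen-address or auth-server is set, and that port=0 disables DNS; the sample configurations and the verdict names are constructed for illustration.

```python
# Options that make local-service a no-op (per the dnsmasq man page):
# the admin has chosen the listening scope explicitly.
SCOPE_OPTS = {"interface", "except-interface", "listen-address", "auth-server"}

def parse_options(conf_text):
    """Return {option: [values]} for long options written without '--'."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(conf_text):
    """Classify a configuration; verdict names are hypothetical labels."""
    opts = parse_options(conf_text)
    if "0" in opts.get("port", []):
        return "dns-disabled"            # dnsmasq is not serving DNS at all
    if SCOPE_OPTS.intersection(opts):
        return "explicit-scope"          # local-service ignored; review the bound scope
    if "local-service" in opts:
        return "local-only"              # only sources on a local subnet are answered
    # Nothing limits who may query: any host that can reach UDP/53 gets
    # recursive answers unless a firewall in front of the host blocks it.
    return "open-resolver-risk"

# Constructed sample configurations (not taken from any Ubuntu package).
DEFAULT_CONF = "# constructed sample\ndomain-needed\nbogus-priv\ncache-size=150\n"
HARDENED_CONF = DEFAULT_CONF + "local-service\n"
SCOPED_CONF = HARDENED_CONF + "interface=eth1\n"

if __name__ == "__main__":
    for name, conf in [("default", DEFAULT_CONF),
                       ("hardened", HARDENED_CONF),
                       ("scoped", SCOPED_CONF)]:
        print(f"{name}: {audit(conf)}")
```

An "explicit-scope" verdict is not a pass: it means the restriction from local-service does not apply and the listed interfaces or addresses need to be checked by hand.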


