On 29/07/14 17:11, Ben Cundiff wrote:
> Hi,
>
> We have two DHCP/DNS servers running Ubuntu 12.04 and dnsmasq-server
> 2.590-4ubuntu0.1. The other day, we had a user set up a Windows Server 2012
> computer on our development network for testing. This user chose to set up
> his Windows server as DC, DHCP server, DNS server, and more, for a new domain
> that he gave the same name as our production domain (let's say both domains
> are named "example.com"). One of our servers, while still using a DHCP lease
> from our legitimate DHCP servers, somehow began using the Windows server for
> DNS queries for hosts on the example.com domain, though our server network
> and the development network are on separate VLANs and in different broadcast
> domains. Is there something in our servers' dnsmasq.conf that would have
> allowed any of our DHCP servers to forward requests to the unauthorized
> servers?
>
> Here's what dnsmasq.conf looks like on our primary DHCP server. We've set it
> up so that the three DCs handle all DNS queries for example.com
>
> server=//
> server=/example.com/###.###.###.1
> server=/example.com/###.###.###.2
> server=/example.com/###.###.###.3
> local-ttl=1
> localise-queries
> all-servers
> rebind-localhost-ok
> stop-dns-rebind
> dns-forward-max=5000
> cache-size=10000
> rebind-domain-ok=/example.com/
>
Your config doesn't include no-resolv, so dnsmasq will be reading /etc/resolv.conf
looking for servers there, as well as the ones you've defined. If a DHCP client on
the machine got a DHCP lease from the rogue server, it could have put the DNS
server address from that DHCP lease in /etc/resolv.conf. That would get queries
NOT in *.example.com sent to the rogue server.

Cheers,

Simon.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
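The following script is an added example and is not part of the thread or of dnsmasq itself. It audits a dnsmasq.conf for the leak Simon describes: when no-resolv is absent, dnsmasq also takes upstream nameservers from /etc/resolv.conf, which a DHCP client can rewrite, so queries outside the server= domains can end up at whatever resolver the last lease handed out. The sample config files, the resolv.conf contents and the 192.0.2.x addresses are constructed placeholders, not the poster's real values.

```shell
#!/bin/sh
# Added example (not from the thread): audit a dnsmasq.conf for the
# upstream-resolver leak discussed above. All file contents and
# addresses below are constructed for illustration.

# Return 0 when the config pins its upstreams: "no-resolv" present and at
# least one explicit server= line. Comments and blank lines are ignored.
dnsmasq_pins_upstreams() {
    conf="$1"
    clean=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")
    printf '%s\n' "$clean" | grep -qx '[[:space:]]*no-resolv[[:space:]]*' || return 1
    printf '%s\n' "$clean" | grep -q '^[[:space:]]*server=/' || return 1
    return 0
}

# Print the nameservers from a resolv.conf that dnsmasq would additionally
# use as upstreams because the config does not set no-resolv. Prints
# nothing when the config is pinned.
extra_upstreams() {
    conf="$1"; resolv="$2"
    if dnsmasq_pins_upstreams "$conf"; then
        return 0
    fi
    awk '/^nameserver/ {print $2}' "$resolv"
}

# --- constructed sample inputs -------------------------------------------
WORK=$(mktemp -d)
WEAK_CONF="$WORK/dnsmasq.weak.conf"
HARD_CONF="$WORK/dnsmasq.hard.conf"
RESOLV="$WORK/resolv.conf"

# The poster's config shape, with placeholder DC addresses (192.0.2.1-3).
cat > "$WEAK_CONF" <<'EOF'
server=//
server=/example.com/192.0.2.1
server=/example.com/192.0.2.2
server=/example.com/192.0.2.3
local-ttl=1
localise-queries
all-servers
rebind-localhost-ok
stop-dns-rebind
dns-forward-max=5000
cache-size=10000
rebind-domain-ok=/example.com/
EOF

# Same config with the fix Simon points at: ignore /etc/resolv.conf entirely.
{ echo 'no-resolv  # do not read upstreams from resolv.conf'; cat "$WEAK_CONF"; } > "$HARD_CONF"

# A resolv.conf as a DHCP client might rewrite it after a lease from an
# unexpected server (constructed rogue resolver address).
cat > "$RESOLV" <<'EOF'
# constructed: written by the DHCP client from the last lease
nameserver 192.0.2.50
search example.com
EOF

# Report for a human running the script stand-alone.
for c in "$WEAK_CONF" "$HARD_CONF"; do
    if dnsmasq_pins_upstreams "$c"; then
        echo "$(basename "$c"): upstreams pinned (no-resolv set)"
    else
        echo "$(basename "$c"): resolv.conf upstreams also used: $(extra_upstreams "$c" "$RESOLV" | tr '\n' ' ')"
    fi
done
```

Run it against a real /etc/dnsmasq.conf and /etc/resolv.conf to see which resolv.conf entries dnsmasq would pick up; the fix for the thread's case is adding no-resolv, and, if any non-example.com traffic still needs an upstream, naming it explicitly with a plain server= line rather than relying on resolv.conf.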