On 29/07/14 17:11, Ben Cundiff wrote:
> Hi, 
> We have two DHCP/DNS servers running Ubuntu 12.04 and dnsmasq-server 
> 2.590-4ubuntu0.1. The other day, we had a user set up a Windows Server 2012 
> computer on our development network for testing. This user chose to set up 
> his Windows server as DC, DHCP server, DNS server, and more, for a new domain 
> that he gave the same name as our production domain (let's say both domains 
> are named "example.com"). One of our servers, while still using a DHCP lease 
> from our legitimate DHCP servers, somehow began using the Windows server for 
> DNS queries for hosts on the example.com domain, though our server network 
> and the development network are on separate VLANs and in different broadcast 
> domains. Is there something in our servers' dnsmasq.conf that would have 
> allowed any of our DHCP servers to forward requests to the unauthorized 
> servers? 
> Here's what dnsmasq.conf looks like on our primary DHCP server. We've set it 
> up so that the three DCs handle all DNS queries for example.com 
> server=//
> server=/example.com/###.###.###.1
> server=/example.com/###.###.###.2
> server=/example.com/###.###.###.3
> local-ttl=1
> localise-queries
> all-servers
> rebind-localhost-ok
> stop-dns-rebind
> dns-forward-max=5000
> cache-size=10000
> rebind-domain-ok=/example.com/ 

Your config doesn't include


so dnsmasq will be reading /etc/resolv.conf looking for servers there,
as well as the ones you've defined. If a DHCP client on the machine got
a DHCP lease from the rogue server, it could have put the DNS server
address from that DHCP lease in /etc/resolv.conf That would get queries
NOT in *.example.com sent to the rogue server.



Dnsmasq-discuss mailing list

Reply via email to