On 30/12/2019 23:07, Sung Pae wrote:
> Hello,
> 
> My home network has a DNS search domain of home.arpa and my machine's dnsmasq
> instance is configured with:
> 
>         server=/home.arpa/192.168.0.1
>         server=//192.168.0.1
>         stop-dns-rebind
>         rebind-domain-ok=home.arpa
>         rebind-domain-ok=// # Match unqualified domains
> 
> Querying my router's FQDN works as expected:
> 
>         dnsmasq: query[A] gateway.home.arpa from 127.0.0.1
>         dnsmasq: forwarded gateway.home.arpa to 192.168.0.1
>         dnsmasq: reply gateway.home.arpa is 192.168.0.1
> 
> But using an unqualified domain name does not:
> 
>         dnsmasq: query[A] gateway from 127.0.0.1
>         dnsmasq: forwarded gateway to 192.168.0.1
>         dnsmasq: possible DNS-rebind attack detected: gateway
> 
> The attached patch addresses this issue by checking for SERV_NO_REBIND when
> handling dotless domains.
> 
> 


Patch applied, thanks.


Simon.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to