https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278721
Bug ID: 278721
Summary: ldns uses nameserver commented out resolv.conf (host, drill)
Product: Base System
Version: 13.3-RELEASE
Hardware: Any
URL: https://github.com/NLnetLabs/ldns/issues/237
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Given this innocent /etc/resolv.conf:
    # Generated by resolvconf
    # nameserver 192.168.1.1

    # nameserver 8.8.8.8
    nameserver 127.0.0.1
    options edns0
(the third line needs to be empty)
ldns actually sends requests to Google DNS.
Stripped down example:
    cat >/etc/resolv.conf <<EOF
    # g
    # nameserver 8.8.8.8
    EOF
    drill www.google.com
    host www.google.com
(there is no resolver running on localhost)
This problem can lead to information leakage and (which hit me) break our
setup, where local_unbound is serving a private zone, but Google was contacted
instead.
Filed upstream, more details (and suggested solutions) can be found here:
https://github.com/NLnetLabs/ldns/issues/237
CCed des and emaste, as they did the last import of ldns in 13.3
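Added example, not part of the original report and not code from ldns or FreeBSD: a small audit that lists the nameservers a resolv.conf really enables and flags addresses that appear only on commented-out nameserver lines, which are the ones this report says ldns may contact. The function names are hypothetical; comment handling assumes the resolv.conf(5) rule that '#' or ';' in column one starts a comment.

```sh
#!/bin/sh
# Added example (not from ldns or FreeBSD). Assumes resolv.conf(5) rules:
# a line is a comment when '#' or ';' is in column one, and a keyword
# must start at the beginning of its line.

# Print the addresses of nameserver lines that are really active.
active_nameservers() {
    awk '/^nameserver[ \t]/ && NF >= 2 { print $2 }' "$1"
}

# Print addresses that appear only on commented-out nameserver lines.
commented_nameservers() {
    awk '
        /^[#;]/ {
            line = $0
            sub(/^[#;]+[ \t]*/, "", line)      # strip the comment marker
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && f[1] == "nameserver") commented[f[2]] = 1
            next
        }
        /^nameserver[ \t]/ && NF >= 2 { active[$2] = 1 }
        END {
            for (a in commented) if (!(a in active)) print a
        }' "$1" | sort
}

# Return 1 and report on stderr when the file contains the risky pattern.
audit_resolv_conf() {
    leaked=$(commented_nameservers "$1")
    [ -z "$leaked" ] && return 0
    echo "$1: commented-out nameservers present:" $leaked >&2
    return 1
}

# Constructed sample reproducing the file from the report
# (the third line is empty).
sample_resolv_conf() {
    printf '%s\n' '# Generated by resolvconf' '# nameserver 192.168.1.1' \
        '' '# nameserver 8.8.8.8' 'nameserver 127.0.0.1' 'options edns0'
}

# Audit a file when one is given on the command line.
if [ $# -gt 0 ]; then audit_resolv_conf "$1"; fi
```

Addresses it reports are the ones to look for in outbound DNS traffic from hosts running the affected host and drill.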