#14951: Configure dnsmasq to NOT be an open resolver
------------------------+-----------------------------------------
Reporter: anonymous | Owner: developers
Type: defect | Status: reopened
Priority: high | Milestone: Attitude Adjustment 12.09.1
Component: packages | Version: Trunk
Resolution: | Keywords:
------------------------+-----------------------------------------
Comment (by anonymous):
Since it is quite possible that more end-users will install the upcoming
BB-14.07, consider enabling dnsmasq's newly introduced "--local-service"
option:
--local-service
Accept DNS queries only from hosts whose address is on a local subnet, ie
a subnet for which an interface exists on the server. This option only has
effect is there are no --interface --except-interface, --listen-address or
--auth-server options. It is intended to be set as a default on
installation, to allow unconfigured installations to be useful but also
safe from being used for DNS amplification attacks.
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
--
Ticket URL: <https://dev.openwrt.org/ticket/14951#comment:13>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
