Re: [Dnsmasq-discuss] [PATCH] Fix DHCPv4 reply via --bridge-interface alias interface

2016-05-03 Thread Simon Kelley 
That seems quite straightforward. Thanks. Patch applied without change.

Cheers,

Simon.



On 08/04/16 19:27, Neil Jerram wrote:
> I'm sorry not to have noticed this before now, but I just spotted that 
> DHCPv4 handling via --bridge-interface interfaces was broken between 
> v2.72 and v2.73.  My further analysis and fix are in the attached patch.
> 
> Regards,
>   Neil
> 
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Too many logs produced when using a lot of “server=/domain/nameserver” config entires

2016-05-03 Thread Simon Kelley 
I just committed some code to limit these logs, if there are more than
30 servers, only the first 30 are logged, followed by a single line
which gives the number not logged. The 30 was a reasonable default, it's
changeable in src/config.h

Does that seem like a good solution?


Cheers,

Simon.


On 12/04/16 14:58, s wrote:
> Hello,
> 
> In China some of us use dnsmasq to resolv all domestic domains from local
> nameservers, but anything else from other more secure nameservers, e.g. via 
> VPN
> tunnel or dnscrypt. We have a list of 20k+ local domains, which is translated
> into 20k+ lines of config file[1].
> 
> Dnsmasq works just fine in this configuration. Memory footprint and query 
> speed
> are still very good. But it produces too many logs. In fact it produce a log
> entry for each of these “server=/.../.../” lines every time it starts/reloads.
> The logs look like
> 
>> using nameserver 223.6.6.6#53 for domain youxiwangguo.com
> 
> I have went through doc and source code, but there is no option to disable 
> these
> logs. I can filter the logs, but it is not very ideal, and I will have to do
> that for both rsyslog and journald.
> 
> Can dnsmasq itself make some changes or add a config option to disable/reduce
> these logs?
> 
> 1. https://github.com/felixonmars/dnsmasq-china-list
> 
> See also https://github.com/felixonmars/dnsmasq-china-list/issues/124, which I
> reported.
> 
> Best regards,
> sopium
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] dhcpv6 server hangs while dhcp server and RAs continue normally

2016-05-03 Thread Simon Kelley 
On 01/05/16 20:46, James Feeney wrote:
> Arch Linux
> dnsmasq 2.75-1
> linux 4.5.2-1
> 
> I mentioned about two weeks ago, the dnsmasq dhcpv6 server will just stop
> responding after running normally for a while.  There have been no comments 
> that
> I have seen.  Any thoughts?  Is there a way to dump the state of the dhcpv6
> server?  Should I not be using dnsmasq as a dhcpv6 server?  Simon?
> 
> 

Difficult to know how to respond to this. You're the first person to
report anything of this nature, so unless you can find a way to
reproduce it, there's not an obvious way forward.

Best would be a procedure to trigger the problem. Failing that, if it
happens frequently enough to be practical, I can suggest some ways of
getting some state out of the system. First line of attack would be run
strace on the running process, to see what syscalls it's making. That
would tell us if it's getting DHCPv6 packets, and if it's answering them.


Cheers,

Simon.




signature.asc
Description: OpenPGP digital signature
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Dnsmasq 2.75 on Ubuntu 16.04 crashes reproducibly

2016-05-03 Thread Alexander E. Patrakov 

04.05.2016 00:02, Albert ARIBAUD пишет:

Hi Alexander,

Le Tue, 3 May 2016 22:56:45 +0500
"Alexander E. Patrakov"  a écrit:


03.05.2016 22:28, Albert ARIBAUD wrote:

Hi Alexander,

Le Tue, 3 May 2016 21:45:00 +0500
"Alexander E. Patrakov"  a écrit:


2016-05-03 20:37 GMT+05:00 Simon Kelley :

I'm pretty sure that this is fixed in the current code.


It is indeed fixed in git! But distributions (including Ubuntu and
Arch) are still distributing a vulnerable version and are probably
unaware of it. Could you please apply for a CVE ID (if it doesn't
already exist) so that they fix their packages?


A CVE ID? For a crash caused by a specific local name record which
clashes with the public one? What's the vulnerability or exposure
here?


This is actually crashable by querying any CNAME that points to
localhost.localdomain, given that upstream is 8.8.8.8, because
localhost.localdomain nearly universally exists in /etc/hosts as ::1,
and 8.8.8.8 doesn't have an  entry for it. So this is a security
issue.


I am still not seeing what the *security* issue is. How can this problem
be *exploited* in order to cause a DoS or compromise a host for
instance?


The only security issue here is a DoS.

There are systems like antispam filters that resolve e.g. domains found 
in email messages. Also there are browsers that resolve names in order 
to e.g. display iframes for ads. So it is possible for a third party 
("hacker"), by sending an email to an email server or showing a bad ad 
to the user, to cause his antispam client or browser to try to resolve a 
domain of hacker's choice for an  record. If this name happens to be 
a CNAME that points to localhost.localdomain., then dnsmasq (which was 
supposed to give the DNS answer to the antispam or the browser) gets 
crashed.


Or just consider a dnsmasq shared between several users. One of them 
tries to resolve an  record for some name (which is actually a CNAME 
pointing to localhost.localdomain.), and crashes dnsmasq, thus causing 
irritation to other users until the admin restarts dnsmasq.


--
Alexander E. Patrakov

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Dnsmasq 2.75 on Ubuntu 16.04 crashes reproducibly

2016-05-03 Thread Albert ARIBAUD 
Hi Alexander,

Le Tue, 3 May 2016 22:56:45 +0500
"Alexander E. Patrakov"  a écrit:

> 03.05.2016 22:28, Albert ARIBAUD wrote:
> > Hi Alexander,
> >
> > Le Tue, 3 May 2016 21:45:00 +0500
> > "Alexander E. Patrakov"  a écrit:
> >
> >> 2016-05-03 20:37 GMT+05:00 Simon Kelley :
> >>> I'm pretty sure that this is fixed in the current code.
> >>
> >> It is indeed fixed in git! But distributions (including Ubuntu and
> >> Arch) are still distributing a vulnerable version and are probably
> >> unaware of it. Could you please apply for a CVE ID (if it doesn't
> >> already exist) so that they fix their packages?
> >
> > A CVE ID? For a crash caused by a specific local name record which
> > clashes with the public one? What's the vulnerability or exposure
> > here?
> 
> This is actually crashable by querying any CNAME that points to 
> localhost.localdomain, given that upstream is 8.8.8.8, because 
> localhost.localdomain nearly universally exists in /etc/hosts as ::1, 
> and 8.8.8.8 doesn't have an  entry for it. So this is a security
> issue.

I am still not seeing what the *security* issue is. How can this problem
be *exploited* in order to cause a DoS or compromise a host for
instance?

Amicalement,
-- 
Albert.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Dnsmasq 2.75 on Ubuntu 16.04 crashes reproducibly

2016-05-03 Thread Albert ARIBAUD 
Hi Alexander,

Le Tue, 3 May 2016 21:45:00 +0500
"Alexander E. Patrakov"  a écrit:

> 2016-05-03 20:37 GMT+05:00 Simon Kelley :
> > I'm pretty sure that this is fixed in the current code.
> 
> It is indeed fixed in git! But distributions (including Ubuntu and
> Arch) are still distributing a vulnerable version and are probably
> unaware of it. Could you please apply for a CVE ID (if it doesn't
> already exist) so that they fix their packages?

A CVE ID? For a crash caused by a specific local name record which
clashes with the public one? What's the vulnerability or exposure here?

Besides, one cannot burden the author of some software with the
task of making sure it is up to date in distros -- unless of course he
happens to also be the package manager for some given distro, in
which case he could be held responsible for keeping that distro up to
date.

In the general case, some user (you for instance) should open a bug
report (not a CVE) to get the package updated.

Amicalement,
-- 
Albert.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant 
And then a little later:

Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
available DHCP range: 192.168.219.2 -- 192.168.219.253
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
vendor class: MSFT 5.0
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 user
class: RRAS.Microsoft
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
client provides name: Kermit.darbyshire-bryant.me.uk
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
DHCPREQUEST(br-lan) 192.168.219.4 e0:3f:49:a1:d4:aa
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: abandoning
lease to e0:3f:49:a1:d4:aa of 192.168.219.4
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
tags: lan, known, br-lan
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
DHCPACK(br-lan) 192.168.219.4 e0:3f:49:a1:d4:aa kermit
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
requested options: 1:netmask, 15:domain-name, 3:router, 6:dns-server,
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
requested options: 44:netbios-ns, 46:netbios-nodetype, 47:netbios-scope,
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
requested options: 31:router-discovery, 33:static-route,
121:classless-static-route,
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
requested options: 249, 43:vendor-encap
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 next
server: 192.168.219.1
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820
broadcast response
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  1 option: 53 message-type  5
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option: 54 server-identifier  192.168.219.1
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option: 51 lease-time  12h
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option: 58 T1  6h
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option: 59 T2  10h30m
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option:  1 netmask  255.255.255.0
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option: 28 broadcast  192.168.219.255
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option:  3 router  192.168.219.1
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option:  6 dns-server  192.168.219.1
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size: 23 option: 15 domain-name  darbyshire-bryant.me.uk
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size: 33 option: 81 FQDN  03:ff:ff:6b:65:72:6d:69:74:2e:64:61:72:62...
Tue May  3 18:43:58 2016 daemon.info dnsmasq-dhcp[2862]: 3895499820 sent
size:  4 option: 44 netbios-ns  192.168.219.1

What the hell is this box doing?! :-/


Kevin


On 02/05/2016 17:24, Simon Kelley wrote:
> On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote:
>> Further clues maybe:  So initially when kermit comes up it grabs an IPv4
>> address and I see this entry in dnsmasq's lease database:
>> 1462055024 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit 01:e0:3f:49:a1:d4:aa
>>
>> Which looks pretty normal to me.  Then a little while later, presumably
>> after a dhcpv6 request it gets changed to
>> 1462055060 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit
>> 01:52:41:53:20:e0:3f:49:a1:d4:aa:00:00:09:00:00:00
>>
>> There are also syslog messages of "abandoning lease to e0:3f:49:a1:d4:aa
>> of 192.168.219.4" which I don't get at all.
>>
>>
> Are you dual-booting Kermit, or netbooting it, or doing anything else
> which may cause it to run more than one DHCP client? From the
> information given it looks like the host with MAC address
> e0:3f:49:a1:d4:aa is presenting two different client-ids at different
> times. Since client-id trumps MAC address as a unique host identifier,
> that could explain what's going on. (the client-id is the last field in
> the leases database).
>
> Setting log-dhcp and posting the logs showing this sort of thing
> happening would be useful.
>
> Cheers,
>
> Simon.
>
>
>>
>> On 29/04/16 12:27, Kevin Darbyshire-Bryant wrote:
>>> Hi All,
>>>
>>>
>>> I've just noticed some strange/different behaviour with regard to
>>> dhcpv6 address allocation.  I've a couple of 'internal' machines that
>>> I'd like to have fixed ip addresses.  To that end, and it used to work
>>> I've got lines similar to: 
>>> dhcp-host=E0:3F:49:A1:D4:AA,192.168.219.4,[::0:4],Kermit   - In theory
>>> kermit gets 192.168.219.4 and the ipv6 address 'constructed prefix::0:4'
>>>
>>>
>>> Instead, these lines appear to be partially ignored with the host
>>> getting the usual pseudo random address constructed from the ipv6
>>> prefix/range.  An nslookup pointing to dnsmasq does

Re: [Dnsmasq-discuss] Using nftables internal "ipset" rule

2016-05-03 Thread Simon Kelley 
I think the way to go with this may be to use the libnftnl library.


http://netfilter.org/projects/libnftnl/index.html

Unfortunately, there doesn't appear to be any documentation for that (or
the underlying netlink API).

I guess that the answer to your question is that it would be a good idea
to include nftables support, but it's not trivial to do, and I don't
have the expertise or time to do it at the moment.

If someone knows how to do this, and makes a patch, I'd certainly accept it.


Cheers,

Simon.



On 28/04/16 22:29, Ronaldo Afonso wrote:
>   Hi,
> 
>   I'm using the "ipset" feature of dnsmasq with iptables and it's working
> perfectly.
> 
>   The think is ... now I need to change my firewall to nftables and I just
> found that nftables is not able to access an "external ipset set". The
> nftables has is own kind of "internal ipset set of rules".
> 
>   I know that dnsmasq uses an netlink socket to insert ipset rules inside
> the linux kernel netfilter subsystem.
> 
>   So I was wandering if it is so complicated to use that same netlink
> socket to include "dnsmasq ipset rules" directly in the "nftables rule set"
> instead of in an "external ipset set".
> 
>   Some think like this:  nft add element filter ip_writelist { some_ip_address
> }
> 
>   Of course the "nftable ipset rule" must already be created. Just like an
> external ipset rule.
> 
>   Would it be a nice feature since nftables seems to be far from supporting
> an external ipset rule?
> 
>   Thanks ...
> 
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-03 Thread Kevin Darbyshire-Bryant 
Hi Simon,

Thanks for getting back to me.  Kermit is a Windows Home Server box and
is definitely not net or dual booted.  Here's the relevant 'log dhcp'
extract from a clean boot of it. 

dhcp-host=id:00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa,[::4],Kermit
dhcp-host=E0:3F:49:A1:D4:AA,192.168.219.4,kermit

Before booting:

nslookup kermit
nslookup: can't resolve '(null)': Name does not resolve

Name:  kermit
Address 1: 2001:470:183f:da2b::4 kermit.darbyshire-bryant.me.uk
Address 2: 192.168.219.4 kermit.darbyshire-bryant.me.uk

No entries in dhcp.leases.

Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
available DHCP range: 192.168.219.2 -- 192.168.219.253
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
vendor class: MSFT 5.0
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
client provides name: Kermit
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
DHCPREQUEST(br-lan) 192.168.219.4 e0:3f:49:a1:d4:aa
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
tags: lan, known, br-lan
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
DHCPACK(br-lan) 192.168.219.4 e0:3f:49:a1:d4:aa kermit
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
requested options: 1:netmask, 15:domain-name, 3:router, 6:dns-server,
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
requested options: 44:netbios-ns, 46:netbios-nodetype, 47:netbios-scope,
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
requested options: 31:router-discovery, 33:static-route,
121:classless-static-route,
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
requested options: 249, 43:vendor-encap
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 next
server: 192.168.219.1
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837
broadcast response
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  1 option: 53 message-type  5
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option: 54 server-identifier  192.168.219.1
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option: 51 lease-time  12h
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option: 58 T1  6h
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option: 59 T2  10h30m
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option:  1 netmask  255.255.255.0
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option: 28 broadcast  192.168.219.255
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option:  3 router  192.168.219.1
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option:  6 dns-server  192.168.219.1
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size: 23 option: 15 domain-name  darbyshire-bryant.me.uk
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size: 33 option: 81 FQDN  03:ff:ff:6b:65:72:6d:69:74:2e:64:61:72:62...
Tue May  3 18:40:57 2016 daemon.info dnsmasq-dhcp[2862]: 1035611837 sent
size:  4 option: 44 netbios-ns  192.168.219.1
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055
available DHCP range: 2001:470:183f:da2b::2 -- 2001:470:183f:da2b:::
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 vendor
class: 311
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055
DHCPCONFIRM(br-lan) 00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055
DHCPREPLY(br-lan) 2001:470:183f:da2b::9f93:7b6a
00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa Kermit
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 tags:
known, dhcpv6, br-lan
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 sent
size: 14 option:  1 client-id  00:01:00:01:1b:75:4c:36:e0:3f:49:a1:d4:aa
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 sent
size: 14 option:  2 server-id  00:01:00:01:1e:b7:72:d8:14:cc:20:be:89:33
Tue May  3 18:40:58 2016 daemon.info dnsmasq-dhcp[2862]: 9972055 sent
size: 29 option: 13 status  0 all addresses still on link

Only Entry in dhcp.leases related to kermit

1462340457 e0:3f:49:a1:d4:aa 192.168.219.4 kermit 01:e0:3f:49:a1:d4:aa

Kermit thinks it has 2001:470:183f:da2b::9f93:7b6a as per the dhcp
reply, which is fair enough but I don't understand why the UID was
ignored.  Also, nslookup replies from dnsmasq still only return the
configured addresses for kermit and no sign of the dhcpv6 allocated one.

Ideas?


Kevin






On 02/05/2016 17:24, Simon Kelley wrote:
> On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote:
>> Further clues maybe:  So initially when kermit comes up it grabs an IPv4
>> address and I see this entry in dnsmasq's lease

Re: [Dnsmasq-discuss] Dnsmasq 2.75 on Ubuntu 16.04 crashes reproducibly

2016-05-03 Thread Alexander E. Patrakov 

03.05.2016 22:28, Albert ARIBAUD wrote:

Hi Alexander,

Le Tue, 3 May 2016 21:45:00 +0500
"Alexander E. Patrakov"  a écrit:


2016-05-03 20:37 GMT+05:00 Simon Kelley :

I'm pretty sure that this is fixed in the current code.


It is indeed fixed in git! But distributions (including Ubuntu and
Arch) are still distributing a vulnerable version and are probably
unaware of it. Could you please apply for a CVE ID (if it doesn't
already exist) so that they fix their packages?


A CVE ID? For a crash caused by a specific local name record which
clashes with the public one? What's the vulnerability or exposure here?


This is actually crashable by querying any CNAME that points to 
localhost.localdomain, given that upstream is 8.8.8.8, because 
localhost.localdomain nearly universally exists in /etc/hosts as ::1, 
and 8.8.8.8 doesn't have an  entry for it. So this is a security issue.


--
Alexander E. Patrakov

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss