Re: [Dnsmasq-discuss] CERT Vulnerability VU#598349

2018-09-08 Thread James Feeney
Hey Simon

On 9/8/18 11:17 AM, Simon Kelley wrote:
> The question is, should the above configuration be "baked in" to the code?

As I understand, this vulnerability arises from the Web Proxy Automatic Discovery (WPAD) protocol, not from dnsmasq itself. And, dnsmasq configuration provides - or

[Dnsmasq-discuss] CERT Vulnerability VU#598349

2018-09-08 Thread Simon Kelley
https://www.kb.cert.org/vuls/id/598349

The essence of this is that an attacker can get a DHCP lease whilst claiming the name "wpad" and thus insert the name wpad.example.com in the local DNS pointing to the attacker's machine. The presence of that A record allows control of the proxy settings of any

Re: [Dnsmasq-discuss] How to declare dnsmasq as authoritative for the 10.x subnet?

2018-09-08 Thread Simon Kelley
On 06/09/18 15:36, Wojtek Swiatek wrote:
> Hello everyone,
>
> Following the documentation for auth-zone, I tried to declare my dnsmasq
> server as authoritative for the 10.0.0.0/8 zone (I
> serve several IP sub-ranges in 10.x). Unfortunately, whatever I try I
> end up with
>

Re: [Dnsmasq-discuss] Support for adding CNAME query result to IPSET

2018-09-08 Thread Simon Kelley
No, that's a different problem. Your target name "vpnin.swtk.info" is coming from the DHCP subsystem, because you have a DHCP lease for a host called "vpnin" and have set the domain to swtk.info. It would be possible to fix this, and maybe even sensible, but it's not the same that the OPs