Re: [Dnsmasq-discuss] Support for adding CNAME query result to IPSET

2018-09-08 Thread Simon Kelley
No, that's a different problem. Your target name "vpnin.swtk.info" is coming from the DHCP subsystem, because you have a DHCP lease for a host called "vpnin" and have set the domain to swtk.info. It would be possible to fix this, and may be even sensible, but it's not the same that the OP's probl

Re: [Dnsmasq-discuss] How to declare dnsmasq as authoritative for the 10.x subnet?

2018-09-08 Thread Simon Kelley
On 06/09/18 15:36, Wojtek Swiatek wrote:
> Hello everyone,
>
> Following the documentation for auth-zone, I tried to declare my dnsmasq
> server as authoritative for the 10.0.0.0/8 zone (I
> serve several IP sub-ranges in 10.x). Unfortunately, whatever I try I
> end up with

[Dnsmasq-discuss] CERT Vulnerability VU#598349

2018-09-08 Thread Simon Kelley
https://www.kb.cert.org/vuls/id/598349 The essence of this is that an attacker can get a DHCP lease whilst claiming the name "wpad" and thus insert the name wpad.example.com in the local DNS pointing to the attacker's machine. The presence of that A record allows control of the proxy settings of any

Re: [Dnsmasq-discuss] CERT Vulnerability VU#598349

2018-09-08 Thread James Feeney
Hey Simon

On 9/8/18 11:17 AM, Simon Kelley wrote:
> The question is, should the above configuration be "baked in" to the code?

As I understand, this vulnerability arises from the Web Proxy Automatic Discovery (WPAD) protocol, not from dnsmasq itself. And, dnsmasq configuration provides - or wi