[Bug 1501206] Re: router:dhcp ports are open resolvers
** Changed in: neutron (Ubuntu) Status: Triaged => Fix Released ** Also affects: neutron (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: neutron (Ubuntu Bionic) Status: New => Fix Released ** Changed in: neutron (Ubuntu Bionic) Importance: Undecided => High ** Changed in: neutron (Ubuntu) Assignee: new (cloudie) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
Reviewed: https://review.openstack.org/633207 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a7afd6e86d833ea44fc17528158e6819618d07f7 Submitter: Zuul Branch:stable/rocky commit a7afd6e86d833ea44fc17528158e6819618d07f7 Author: Jens Harbott Date: Mon Oct 29 17:08:33 2018 + Secure dnsmasq process against external abuse Currently any dhcp agent instance will work as an open resolver. For deployments using publicly routed addresses for tenant networks, this allows the agent being abused in dDoS attacks, see [1]. By setting the `--local-service` option dnsmasq will filter DNS queries and reply only to queries from directly attached networks. [1] https://bugs.launchpad.net/neutron/+bug/1501206 Conflicts: neutron/cmd/sanity_check.py Closes-Bug: 1501206 Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e (cherry picked from commit 0fce3ca2c1641fbcfb8327a86d7225e2c3972263) ** Tags added: in-stable-rocky -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
Reviewed: https://review.openstack.org/633211 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=72d9c3ccb34f5c5abb8de0b32d4ef1660b9f502f Submitter: Zuul Branch:stable/pike commit 72d9c3ccb34f5c5abb8de0b32d4ef1660b9f502f Author: Jens Harbott Date: Mon Oct 29 17:08:33 2018 + Secure dnsmasq process against external abuse Currently any dhcp agent instance will work as an open resolver. For deployments using publicly routed addresses for tenant networks, this allows the agent being abused in dDoS attacks, see [1]. By setting the `--local-service` option dnsmasq will filter DNS queries and reply only to queries from directly attached networks. [1] https://bugs.launchpad.net/neutron/+bug/1501206 Conflicts: neutron/cmd/sanity_check.py Closes-Bug: 1501206 Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e (cherry picked from commit 0fce3ca2c1641fbcfb8327a86d7225e2c3972263) ** Tags added: in-stable-pike -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
Reviewed: https://review.openstack.org/633210 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f599c15e33f72d44a18f10cd71a0fc9b13b35080 Submitter: Zuul Branch:stable/queens commit f599c15e33f72d44a18f10cd71a0fc9b13b35080 Author: Jens Harbott Date: Mon Oct 29 17:08:33 2018 + Secure dnsmasq process against external abuse Currently any dhcp agent instance will work as an open resolver. For deployments using publicly routed addresses for tenant networks, this allows the agent being abused in dDoS attacks, see [1]. By setting the `--local-service` option dnsmasq will filter DNS queries and reply only to queries from directly attached networks. [1] https://bugs.launchpad.net/neutron/+bug/1501206 Conflicts: neutron/cmd/sanity_check.py Closes-Bug: 1501206 Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e (cherry picked from commit 0fce3ca2c1641fbcfb8327a86d7225e2c3972263) ** Tags added: in-stable-queens -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Changed in: neutron (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Tags added: neutron-proactive-backport-potential -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
Probably this bugfix is worth backporting at least to rocky? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
Reviewed: https://review.openstack.org/333829 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0fce3ca2c1641fbcfb8327a86d7225e2c3972263 Submitter: Zuul Branch:master commit 0fce3ca2c1641fbcfb8327a86d7225e2c3972263 Author: Jens Harbott Date: Mon Oct 29 17:08:33 2018 + Secure dnsmasq process against external abuse Currently any dhcp agent instance will work as an open resolver. For deployments using publicly routed addresses for tenant networks, this allows the agent being abused in dDoS attacks, see [1]. By setting the `--local-service` option dnsmasq will filter DNS queries and reply only to queries from directly attached networks. [1] https://bugs.launchpad.net/neutron/+bug/1501206 Closes-Bug: 1501206 Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Changed in: neutron Assignee: Dr. Jens Harbott (j-harbott) => Brian Haley (brian-haley) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Changed in: neutron Assignee: David Homolka (davidhomolka) => Dr. Jens Harbott (j-harbott) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Changed in: neutron (Ubuntu) Status: In Progress => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Changed in: neutron (Ubuntu) Assignee: (unassigned) => new (cloudie) ** Changed in: neutron (Ubuntu) Status: Invalid => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
Marking Ubuntu task as Invalid; Ubuntu will pickup whatever ends up being landed into Neutron itself via Queens and other stable point releases. ** Changed in: neutron (Ubuntu) Status: New => Triaged ** Changed in: neutron (Ubuntu) Importance: Undecided => High ** Changed in: neutron (Ubuntu) Status: Triaged => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Changed in: neutron Status: Confirmed => In Progress ** Changed in: neutron Assignee: (unassigned) => David Homolka (davidhomolka) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1501206] Re: router:dhcp ports are open resolvers
** Also affects: neutron (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs