dnsmasq (2.69-1) unstable; urgency=low
* New upstream.
+ * Set --local-service. (closes: #732610)
+ This tells dnsmasq to ignore DNS requests that don't come from a local network.
+ It's automatically ignored if --interface --except-interface, --listen-address
+ or --auth-server exist in the configuration, so for most installations, it will
+ have no effect, but for otherwise-unconfigured installations, it stops dnsmasq
+ from being vulnerable to DNS-reflection attacks.
-- Simon Kelley <simon@thekelleys.org.uk> Tue, 4 Feb 2014 16:28:12 +0000
DNSMASQ_USER="dnsmasq"
fi
+# This tells dnsmasq to ignore DNS requests that don't come from a local network.
+# It's automatically ignored if --interface --except-interface, --listen-address
+# or --auth-server exist in the configuration, so for most installations, it will
+# have no effect, but for otherwise-unconfigured installations, it stops dnsmasq
+# from being vulnerable to DNS-reflection attacks.
+
+DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"
+
start()
{
# Return
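Review bot: The comment added above `DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"` says the option is ignored once `--interface`, `--except-interface`, `--listen-address` or `--auth-server` is configured, but it does not say what that means for the administrator. On such an installation the reflection protection is no longer applied, and nothing in the init script says so. I would add a closing comment line such as `# If you set any of those options, restrict who can query dnsmasq yourself (listen on internal interfaces only, or firewall port 53).` The option list in the comment is also missing a comma after `--interface`. The assignment sits at top level just before `start()`, whose body continues outside the hunk.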
my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
}
#endif
+
+ if (option_bool(OPT_LOCAL_SERVICE))
+ my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
#ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID))