208056 – encourage secure configuration of dnsmasq

Bug 208056 - encourage secure configuration of dnsmasq

Summary: encourage secure configuration of dnsmasq

Status:	RESOLVED INVALID

Alias:	None

Product:	[OLD] Docs on www.gentoo.org
Classification:	Unclassified
Component:	Other documents (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Docs Team

URL:	http://www.gentoo.org/doc/en/home-rou...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-01-29 15:05 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified:	2008-01-31 19:03 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2008-01-29 15:05:22 UTC

I read article about insecure DHCP setups: http://www.gnucitizen.org/blog/r00ting-public-wifi-networks-dhcp-name-poisoning-attacks/ and thought it would be nice to check my own setup.

I discovered that dnsmasq has option --dhcp-ignore-names, but it's not turned on by default. IMHO it should be handled somehow, either updating the documentation (including a warning about this), or changing the defaults.

Comment 1 Jan Kundrát (RETIRED) gentoo-dev

2008-01-31 19:03:32 UTC

Isn't that expected behaviour? When I'm configuring home network, I do have some level of trust in other hosts. If I was configuring a "public hotspot", I wouldn't follow "home router guide". If you disagree, please reopen this bug and I'll send it to dnsmasq maintainers as I don't see any need for change in documentation.