All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-networking][PATCH] dnsmasq: Listen only on loopback and disable DHCP
@ 2016-01-06 13:45 Ovidiu Vancea
  0 siblings, 0 replies; only message in thread
From: Ovidiu Vancea @ 2016-01-06 13:45 UTC (permalink / raw)
  To: openembedded-devel

Dnsmasq functions as DHCP and DNS servers by default and listens on all
interfaces. This conflicts with other DHCP or DNS servers already on
the network and corrupts DNS configuration on Windows systems.

We noticed that after installing docker, the Linux system became a
magnet for DNS requests coming from Windows systems. Dnsmasq is a
dependency for lxc which is recommended for docker.

Windows periodically broadcasts DHCPInform and DHCP servers reply with
DHCPAck. If the DHCPAck from the Linux target reaches the Windows
system first, Windows changes its DNS server IP to the Linux system
running dnsmasq. Dnsmasq ends up forwarding the DNS requests to the
official DNS server and replies back the answer to the original
requestor. The Linux system transparently becomes a DNS proxy on the
subnet.

Signed-off-by: Ovidiu Vancea <ovidiu.vancea@ni.com>
---
 meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf b/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
index 1a198a3..bd0ee00 100755
--- a/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
+++ b/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
@@ -77,7 +77,7 @@ bogus-priv
 #except-interface=
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
-#listen-address=
+listen-address=127.0.0.1
 
 # On systems which support it, dnsmasq binds the wildcard address,
 # even when it is listening on only some interfaces. It then discards
@@ -114,7 +114,7 @@ bogus-priv
 # repeat this for each network on which you want to supply DHCP
 # service.
 #dhcp-range=192.168.0.50,192.168.0.150,12h
-dhcp-range=10.0.0.10,10.0.0.200,2h
+#dhcp-range=10.0.0.10,10.0.0.200,2h
 
 # This is an example of a DHCP range where the netmask is given. This
 # is needed for networks we reach the dnsmasq DHCP server via a relay 
-- 
2.1.4



^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2016-01-06 13:45 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-06 13:45 [meta-networking][PATCH] dnsmasq: Listen only on loopback and disable DHCP Ovidiu Vancea

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.