On 24/10/2013 17:03, Brian Rak wrote:
> We've recently undertaken a project to clean up our network, and lock
> down all the open DNS resolvers. As you may know, these are very
> frequently used for DDOS attacks: http://openresolverproject.org/ ,
> http://www.team-cymru.org/Services/Resolvers/ .
>
> I haven't been able to find any sort of configuration option that
> would prevent DNSMasq from being abused like this, and I've had to
> resort to iptables rules instead. Is there a configuration option
> that would disable responding to DNS queries from certain
> interfaces? The other option that seems handy would be one to only
> reply to DNS queries from hosts that have a configured DHCP lease.
>
> Are there any features of DNSMasq that would prevent it from being
> abused to conduct attacks?
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> [email protected]
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

I instantly thought of the '-interface' & '-except-interface' options. I'm probably missing something.

--
Cheers,
[email protected] {TB}
M: +44 7947 355344 H: +44 1256 478597
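
Added example, not part of the original thread and not dnsmasq project code: a small audit that reads a dnsmasq.conf body and reports whether the `interface=` and `except-interface=` settings (the config-file forms of the options named in the reply) keep DNS off a WAN-facing interface. The interface names `eth0` (WAN) and `eth1` (LAN) and both sample configs are constructed assumptions; `listen-address=` is only flagged for manual review, not evaluated.

```python
from fnmatch import fnmatch

# Constructed sample configs; eth0 = WAN and eth1 = LAN are assumptions.
WEAK = """
domain-needed
dhcp-range=192.168.1.50,192.168.1.150,12h
"""
HARDENED = """
interface=eth1          # answer only on the LAN side
except-interface=eth0   # never answer on the WAN side
"""

def parse_options(conf_text):
    """Return {option: [values]} from dnsmasq.conf text, skipping comments."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        values = [v.strip() for v in value.split(",") if v.strip()]
        opts.setdefault(key.strip(), []).extend(values)
    return opts

def audit(conf_text, wan_ifaces):
    """List WAN interfaces on which this config lets dnsmasq answer DNS."""
    opts = parse_options(conf_text)
    allowed = opts.get("interface", [])
    excluded = opts.get("except-interface", [])
    findings = []
    for iface in wan_ifaces:
        # fnmatch covers names written with a trailing '*' wildcard.
        if any(fnmatch(iface, pat) for pat in excluded):
            continue  # except-interface takes precedence over interface
        if allowed and not any(fnmatch(iface, pat) for pat in allowed):
            continue  # an interface= list exists and does not include it
        if not allowed and "listen-address" in opts:
            continue  # restricted by address only; reported below
        reason = "matched by interface=" if allowed else "no interface= restriction"
        findings.append(f"{iface}: DNS served ({reason})")
    if "listen-address" in opts:
        findings.append("listen-address set: confirm no WAN address is listed")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf, ["eth0"]) or "no WAN exposure found")
```

An empty result means the named WAN interfaces are excluded by the config; it does not replace testing from outside the network or the iptables rules mentioned in the original question.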
