#14951: Configure dnsmasq to NOT be an open resolver
------------------------+-----------------------------------------
Reporter: anonymous | Owner: developers
Type: defect | Status: closed
Priority: high | Milestone: Attitude Adjustment 12.09.1
Component: packages | Version: Trunk
Resolution: fixed | Keywords:
------------------------+-----------------------------------------
Comment (by gent@…):
I found this thread while searching for a solution to a DNS
amplification attack issue on a wireless access point made by Ligowave,
which uses dnsmasq for DNS. The problem I was having was due to
assigning a real IP to the Ligowave AP: it was being used for DNS
amplification, since the unit is left open for DNS queries on the Ethernet
interface to the outside world, which is a security problem. Unfortunately,
Ligowave does not have a way to fix this (yet) and the unit was generating
6 Meg of constant traffic.
I found a temporary fix. Either put the unit behind a firewall, or ssh into
the unit, kill dnsmasq and then restart it with the option:
--except-interface=eth0
However, this will go back to defaults if the unit is rebooted. I could not
find a more permanent solution, but if anybody has it, please share.
Thanks,
Gent
--
Ticket URL: <https://dev.openwrt.org/ticket/14951#comment:19>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
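
An added example, not part of the original message or of the OpenWrt or Ligowave code: a way to check, for instance after a reboot, whether the arguments of a dnsmasq process still keep it from answering on the outside interface. The function name `dnsmasq_iface_state` and the sample command lines are constructed for illustration; it looks only at command-line arguments (`--interface`/`-i`, `--except-interface`/`-I`, `--listen-address`/`-a`), not at options set in a configuration file.

```shell
#!/bin/sh
# dnsmasq_iface_state IFACE ARG...
# Prints how a dnsmasq started with ARG... treats queries arriving on IFACE:
#   excluded            IFACE is named by --except-interface (always wins)
#   listening           IFACE is selected, or nothing restricts interfaces
#   not-selected        --interface is used and IFACE is not among them
#   depends-on-address  --listen-address is used; compare IFACE's addresses
dnsmasq_iface_state() {
    iface=$1; shift
    excluded=0 selected=0 restricted=0 by_addr=0
    while [ $# -gt 0 ]; do
        opt=$1 val=
        case $opt in
            --except-interface=*|--interface=*|--listen-address=*)
                val=${opt#*=}; opt=${opt%%=*} ;;          # --opt=value
            --except-interface|--interface|--listen-address|-I|-i|-a)
                val=${2-}                                 # --opt value / -I value
                if [ $# -gt 1 ]; then shift; fi ;;
            -I?*|-i?*|-a?*)
                val=${opt#-?}; opt=${opt%"$val"} ;;       # -Ivalue
        esac
        case $opt in
            # $val is left unquoted so a trailing '*' wildcard, which
            # dnsmasq accepts in interface names, matches here as well.
            --except-interface|-I)
                case $iface in $val) excluded=1 ;; esac ;;
            --interface|-i)
                restricted=1
                case $iface in $val) selected=1 ;; esac ;;
            --listen-address|-a)
                by_addr=1 ;;
        esac
        shift
    done
    if [ "$excluded" -eq 1 ]; then echo excluded
    elif [ "$selected" -eq 1 ]; then echo listening
    elif [ "$by_addr" -eq 1 ]; then echo depends-on-address
    elif [ "$restricted" -eq 1 ]; then echo not-selected
    else echo listening      # default: dnsmasq answers on every interface
    fi
}

# Constructed command lines (not captured from a Ligowave unit):
dnsmasq_iface_state eth0 -C /etc/dnsmasq.conf                           # listening
dnsmasq_iface_state eth0 -C /etc/dnsmasq.conf --except-interface=eth0   # excluded
```

On Linux the arguments of the running process can be read from `/proc/<pid>/cmdline` (NUL-separated) and passed to the function; a result of `listening` for the Ethernet interface means the restart option has been lost.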