> But perhaps it would be simpler to provide users a way to disable this functionality manually? Is there any kind of runtime configuration available?
At runtime, it doesn't seem to have a way, for instance, I already tried the following without success: do-forward-updates false; # man dhclient.conf If you want to do DNS updates in the DHCP client script (see dhclient-script(8)) rather than having the DHCP client do the update directly (for example, if you want to use SIG(0) authentication, which is not supported directly by the DHCP client, you can instruct the client not to do the update using the do-forward-updates statement. Flag should be true if you want the DHCP client to do the update, and false if you don't want the DHCP client to do the update. By default, the DHCP client will do the DNS update. To disable the functionality at the moment for Trusty, manipulation in the source package is required. Undefine NSUPDATE in includes/site.h : -#define NSUPDATE +/* #define NSUPDATE */ and disabled failover and tracing in debian/rules : ./configure \ --prefix=/usr \ --sysconfdir=/etc/dhcp \ + --disable-tracing \ + --disable-failover \ Eric -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1176046 Title: isc-dhcp dhclient listens on extra random ports Status in isc-dhcp package in Ubuntu: In Progress Bug description: Ubuntu 13.04 Server 64-bit. Fresh install. Only one network adapter. dhclient process is listening on two randomly chosen udp ports in addition to the usual port 68. This appears to be a bug in the discovery code for probing information on interfaces in the system. Initial research of the code also suggested omapi, but adding omapi port 9999 to /etc/dhcp/dhclient.conf only opened a forth port with the two random udp ports still enabled. Version of included distro dhclient was 4.2.4. I also tested with the latest isc-dhclient-4.2.5-P1 and got the same results. Debian has the same bug: http://forums.debian.net/viewtopic.php?f=10&t=95273&p=495605#p495605 One impact of these random ports is that security hardening becomes more difficult. The purpose of these random ports and security implications are unknown. Example netstat -lnp output: udp 0 0 0.0.0.0:21117 0.0.0.0:* 2659/dhclient udp 0 0 0.0.0.0:68 0.0.0.0:* 2659/dhclient udp6 0 0 :::45664 :::* 2659/dhclient To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1176046/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp