> But perhaps it would be simpler to provide users a way to disable this
> functionality manually? Is there any kind of runtime configuration
> available?

At runtime, there doesn't seem to be a way. For instance, I already tried
the following without success: do-forward-updates false;

# man dhclient.conf
       If you want to do DNS updates in the DHCP client script (see
       dhclient-script(8)) rather than having the DHCP client do the
       update directly (for example, if you want to use SIG(0)
       authentication, which is not supported directly by the DHCP
       client, you can instruct the client not to do the update using
       the do-forward-updates statement.  Flag should be true if you
       want the DHCP client to do the update, and false if you don't
       want the DHCP client to do the update.  By default, the DHCP
       client will do the DNS update.

To disable the functionality at the moment for Trusty, manipulation in
the source package is required.

Undefine NSUPDATE in includes/site.h :

-#define NSUPDATE
+/* #define NSUPDATE */
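
Review bot: commenting out `#define NSUPDATE` in includes/site.h is a build-time switch, so the functionality is turned off for every install of the package with no runtime way back, while the man page excerpt above says the client does the DNS update by default. Record that behaviour change where users will see it, and put the bug number (1176046) in the comment beside the disabled define so the reason survives the next merge.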

and disable failover and tracing in debian/rules :

./configure \
                --prefix=/usr \
                --sysconfdir=/etc/dhcp \
+               --disable-tracing \
+               --disable-failover \
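
Review bot: `--disable-tracing` and `--disable-failover` are added to the one `./configure` invocation shown, so they apply to everything built from that run rather than to dhclient alone; if the server binary comes from the same configure call, check that dropping failover there is acceptable, or split the client build. Both added lines end in `\`, so also confirm that a further argument follows them in debian/rules.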


Eric

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1176046

Title:
  isc-dhcp dhclient listens on extra random ports

Status in isc-dhcp package in Ubuntu:
  In Progress

Bug description:
  Ubuntu 13.04 Server 64-bit.  Fresh install.  Only one network adapter.

  dhclient process is listening on two randomly chosen udp ports in
  addition to the usual port 68.  This appears to be a bug in the
  discovery code for probing information on interfaces in the system.

  Initial research of the code also suggested omapi, but adding omapi
  port 9999 to /etc/dhcp/dhclient.conf only opened a fourth port with the
  two random udp ports still enabled.

  Version of included distro dhclient was 4.2.4.  I also tested with the
  latest isc-dhclient-4.2.5-P1 and got the same results.

  Debian has the same bug:
  http://forums.debian.net/viewtopic.php?f=10&t=95273&p=495605#p495605

  One impact of these random ports is that security hardening becomes
  more difficult.  The purpose of these random ports and security
  implications are unknown.

  
  Example netstat -lnp  output:

  udp        0      0 0.0.0.0:21117           0.0.0.0:*                           2659/dhclient
  udp        0      0 0.0.0.0:68              0.0.0.0:*                           2659/dhclient
  udp6       0      0 :::45664                :::*                                2659/dhclient

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1176046/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
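
A check for the condition in the bug description, as an added example that is not part of the original report or of isc-dhcp: it reads `netstat -lnp` style output and lists UDP sockets owned by dhclient on any port other than 68. The function names and the sample lines (rejoined from the report's output, plus one constructed ntpd line) are assumptions.

```shell
#!/bin/sh
# Added example: flag UDP sockets owned by dhclient on ports other than 68.

# Constructed sample, modelled on the `netstat -lnp` output in the bug report
# (PID/program column rejoined onto the socket line; the ntpd line is invented).
sample_netstat() {
cat <<'EOF'
udp        0      0 0.0.0.0:21117           0.0.0.0:*                           2659/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2659/dhclient
udp6       0      0 :::45664                :::*                                2659/dhclient
udp        0      0 0.0.0.0:123             0.0.0.0:*                           801/ntpd
EOF
}

# Reads netstat lines on stdin and prints "proto port pid" for every dhclient
# UDP socket whose local port is not in the allowed list.
# $1: comma-separated allowed ports (hypothetical parameter, default "68").
unexpected_dhclient_ports() {
    awk -v allowed="${1:-68}" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # UDP listeners have an empty State column, so the PID/Program
        # field is matched as the last field rather than by position.
        $1 ~ /^udp/ && $NF ~ /^[0-9]+\/dhclient/ {
            # Field 4 is the local address; the port follows the last
            # colon (covers both 0.0.0.0:68 and :::45664).
            port = $4
            sub(/.*:/, "", port)
            split($NF, p, "/")
            if (!(port in ok)) print $1, port, p[1]
        }'
}

# Stand-alone run against the constructed sample.
sample_netstat | unexpected_dhclient_ports 68
```

On a live system, pipe `netstat -lnup` (run as root so the PID/Program column is populated) into `unexpected_dhclient_ports` instead of the sample.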
