[oe-commits] [meta-openembedded] 07/18: dnsmasq: Listen only on loopback and disable DHCP
git at git.openembedded.org
git at git.openembedded.org
Tue Jan 26 23:15:11 UTC 2016
joe_macdonald pushed a commit to branch master
in repository meta-openembedded.
commit 28b009f98e93b72efc7b65842cdac140202d9002
Author: Ovidiu Vancea <ovidiu.vancea at ni.com>
AuthorDate: Wed Jan 6 15:45:01 2016 +0200
dnsmasq: Listen only on loopback and disable DHCP
Dnsmasq functions as DHCP and DNS servers by default and listens on all
interfaces. This conflicts with other DHCP or DNS servers already on
the network and corrupts DNS configuration on Windows systems.
We noticed that after installing docker, the Linux system became a
magnet for DNS requests coming from Windows systems. Dnsmasq is a
dependency for lxc which is recommended for docker.
Windows periodically broadcasts DHCPInform and DHCP servers reply with
DHCPAck. If the DHCPAck from the Linux target reaches the Windows
system first, Windows changes its DNS server IP to the Linux system
running dnsmasq. Dnsmasq ends up forwarding the DNS requests to the
official DNS server and replies back the answer to the original
requestor. The Linux system transparently becomes a DNS proxy on the
subnet.
Signed-off-by: Ovidiu Vancea <ovidiu.vancea at ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
---
meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf b/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
index 1a198a3..bd0ee00 100755
--- a/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
+++ b/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
@@ -77,7 +77,7 @@ bogus-priv
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
-#listen-address=
+listen-address=127.0.0.1
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
@@ -114,7 +114,7 @@ bogus-priv
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=192.168.0.50,192.168.0.150,12h
-dhcp-range=10.0.0.10,10.0.0.200,2h
+#dhcp-range=10.0.0.10,10.0.0.200,2h
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list