[oe-commits] [meta-openembedded] 07/18: dnsmasq: Listen only on loopback and disable DHCP

git at git.openembedded.org git at git.openembedded.org
Tue Jan 26 23:15:11 UTC 2016 

joe_macdonald pushed a commit to branch master
in repository meta-openembedded.

commit 28b009f98e93b72efc7b65842cdac140202d9002
Author: Ovidiu Vancea <ovidiu.vancea at ni.com>
AuthorDate: Wed Jan 6 15:45:01 2016 +0200

    dnsmasq: Listen only on loopback and disable DHCP
    
    Dnsmasq functions as DHCP and DNS servers by default and listens on all
    interfaces. This conflicts with other DHCP or DNS servers already on
    the network and corrupts DNS configuration on Windows systems.
    
    We noticed that after installing docker, the Linux system became a
    magnet for DNS requests coming from Windows systems. Dnsmasq is a
    dependency for lxc which is recommended for docker.
    
    Windows periodically broadcasts DHCPInform and DHCP servers reply with
    DHCPAck. If the DHCPAck from the Linux target reaches the Windows
    system first, Windows changes its DNS server IP to the Linux system
    running dnsmasq. Dnsmasq ends up forwarding the DNS requests to the
    official DNS server and replies back the answer to the original
    requestor. The Linux system transparently becomes a DNS proxy on the
    subnet.
    
    Signed-off-by: Ovidiu Vancea <ovidiu.vancea at ni.com>
    Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
    Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
---
 meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf b/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
index 1a198a3..bd0ee00 100755
--- a/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
+++ b/meta-networking/recipes-support/dnsmasq/files/dnsmasq.conf
@@ -77,7 +77,7 @@ bogus-priv
 #except-interface=
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
-#listen-address=
+listen-address=127.0.0.1
 
 # On systems which support it, dnsmasq binds the wildcard address,
 # even when it is listening on only some interfaces. It then discards
@@ -114,7 +114,7 @@ bogus-priv
 # repeat this for each network on which you want to supply DHCP
 # service.
 #dhcp-range=192.168.0.50,192.168.0.150,12h
-dhcp-range=10.0.0.10,10.0.0.200,2h
+#dhcp-range=10.0.0.10,10.0.0.200,2h
 
 # This is an example of a DHCP range where the netmask is given. This
 # is needed for networks we reach the dnsmasq DHCP server via a relay 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list