
Forwarder listening on port 53/tcp
Closed, Resolved | Public | BUG

Description

Forwarder listening on port 53/tcp on all interfaces
even if it's configured explicitly to listen on particular interfaces

How to reproduce:
Configure the forwarder
Bind it to a certain NIC
Check netstat output and/or external scan output

Details

Difficulty level
Unknown (require assessment)
Version
1.1.8 and 1.2
Why the issue appeared?
Will be filled on close

Event Timeline

syncer triaged this task as Normal priority.
syncer created this task.

Want to look into that?

After adding the bind-interfaces parameter to the configuration, moving the configuration file from /etc/dnsmasq.conf to /etc/dnsmasq.d/vyos.conf and switching to systemd, this is the result:

cpo@CR2# netstat -a | grep domain
tcp        0      0 localhost:domain        *:*                     LISTEN
tcp        0      0 lo.CR2.mucI.xxx:domain  *:*                     LISTEN
tcp        0      0 eth0.CR2.mucI.xx:domain *:*                     LISTEN
tcp6       0      0 localhost:domain        [::]:*                  LISTEN
tcp6       0      0 fe80::250:56ff:f:domain [::]:*                  LISTEN
udp        0      0 localhost:domain        *:*
udp        0      0 lo.CR2.mucI.xxx:domain *:*
udp        0      0 eth0.CR2.mucI.xx:domain *:*
udp6       0      0 localhost:domain        [::]:*
udp6       0      0 fe80::250:56ff:f:domain [::]:*

So it's still there?
Weird thing.

Nope, this is the output after binding it to eth0 only. It always binds to the loopback interface!

Dnsmasq automatically adds the loopback (local) interface to the list of interfaces to use when the --interface option is used.

Ah ok, sorry, I'm a bit slow today.
Awesome!

syncer removed a project: VyOS 1.1.x.

thanks @c-po !
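
Added example, not part of the original task or of VyOS code: a Python check for the behaviour discussed in this thread. It parses numeric `netstat -tuln` output and reports port 53 listeners bound to the wildcard address or to an address outside an allow-list, accepting loopback because dnsmasq adds it automatically. The sample outputs, the function names and the address 192.0.2.1 are constructed for illustration.

```python
import ipaddress

# Constructed samples in `netstat -tuln` layout (documentation addresses,
# not values from the ticket).
BEFORE_FIX = """\
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""
AFTER_FIX = """\
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:53                  :::*                    LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 192.0.2.1:53            0.0.0.0:*
"""


def dns_listeners(netstat_text, port=53):
    """Return (proto, ip) for every socket listening on `port`."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 5 or not cols[0].startswith(("tcp", "udp")):
            continue
        if cols[0].startswith("tcp") and cols[-1] != "LISTEN":
            continue  # established TCP connections are not listeners
        addr, _, lport = cols[3].rpartition(":")
        if lport != str(port):
            continue
        addr = addr.split("%")[0].strip("[]")  # drop zone id / brackets
        found.append((cols[0], ipaddress.ip_address(addr)))
    return found


def audit(netstat_text, allowed):
    """List listeners on the wildcard or on an address outside `allowed`."""
    # Loopback is always accepted: dnsmasq adds it when an interface is set.
    allowed = {ipaddress.ip_address(a) for a in allowed}
    problems = []
    for proto, ip in dns_listeners(netstat_text):
        if ip.is_unspecified:
            problems.append(f"{proto} wildcard bind {ip}")
        elif not ip.is_loopback and ip not in allowed:
            problems.append(f"{proto} unexpected address {ip}")
    return problems
```

Feed it numeric output (`-n`); with name resolution on, as in the `netstat -a` listing above, the port shows as `domain` and no line matches.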