Always return a SERVFAIL response to DNS queries with RD=0.

Unless we are acting in authoritative mode, obviously.

To do otherwise may allow cache snooping, see
http://cs.unc.edu/~fabian/course_papers/cache_snooping.pdf
This commit is contained in:
Simon Kelley
2017-10-30 23:16:54 +00:00
parent ebedcbaeb8
commit 087eb76140
3 changed files with 11 additions and 0 deletions
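The rule the commit describes, as an added example that is not dnsmasq's own code: a recursive resolver that receives a query with the RD (recursion desired) bit clear answers SERVFAIL instead of looking in its cache, unless it is running as an authoritative server. The function and constant names (`gate_query`, `servfail_response`, `FLAG_RD` and so on) are this example's own assumptions, and the queries it builds are constructed sample input.

```python
"""Gate DNS queries on the RD (recursion desired) bit.

Added example, not dnsmasq's code. A non-authoritative resolver answers
an RD=0 query with SERVFAIL rather than consulting its cache, so a
remote party cannot use RD=0 probes to learn which names the cache
already holds. All names below are this example's own assumptions.
"""
import struct

HEADER_LEN = 12
FLAG_QR = 0x8000       # bit 15: message is a response
OPCODE_MASK = 0x7800   # bits 11-14: opcode, echoed back in the reply
FLAG_RD = 0x0100       # bit 8: recursion desired
RCODE_SERVFAIL = 2     # low 4 bits of the flags word


def encode_name(name):
    """Encode a dotted hostname as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, rd, ident=0x1234, qtype=1):
    """Constructed sample query (one A-record question), RD set or cleared."""
    flags = FLAG_RD if rd else 0
    header = struct.pack("!6H", ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def question_length(msg):
    """Byte length of the single question that follows the header."""
    pos = HEADER_LEN
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question")
        ln = msg[pos]
        if ln == 0:            # root label ends the name
            pos += 1
            break
        if ln & 0xC0:          # compression pointer: 2 bytes, ends the name
            pos += 2
            break
        pos += 1 + ln
    pos += 4                   # QTYPE + QCLASS
    if pos > len(msg):
        raise ValueError("truncated question")
    return pos - HEADER_LEN


def flags_of(msg):
    """The 16-bit flags word of a DNS message."""
    return struct.unpack("!H", msg[2:4])[0]


def rcode(msg):
    """The response code (low 4 bits of the flags word)."""
    return flags_of(msg) & 0x000F


def servfail_response(query):
    """SERVFAIL reply: same ID, opcode and RD as the query; QR set; question echoed."""
    ident, flags, qdcount, _, _, _ = struct.unpack("!6H", query[:HEADER_LEN])
    resp_flags = FLAG_QR | (flags & OPCODE_MASK) | (flags & FLAG_RD) | RCODE_SERVFAIL
    qlen = question_length(query) if qdcount == 1 else 0
    header = struct.pack("!6H", ident, resp_flags, 1 if qlen else 0, 0, 0, 0)
    return header + query[HEADER_LEN:HEADER_LEN + qlen]


def gate_query(query, authoritative):
    """Return the SERVFAIL reply to send if the query must be refused, or None
    if the resolver should go on and answer it normally."""
    if len(query) < HEADER_LEN:
        raise ValueError("short packet")
    if not (flags_of(query) & FLAG_RD) and not authoritative:
        return servfail_response(query)
    return None


if __name__ == "__main__":
    q = build_query("example.com", rd=False)
    print("RD=0, recursive mode  -> rcode", rcode(gate_query(q, authoritative=False)))
    print("RD=0, authoritative   ->", gate_query(q, authoritative=True))
    print("RD=1, recursive mode  ->", gate_query(build_query("example.com", rd=True), False))
```

The reply copies the query's ID and question so the client can match it, sets QR, and carries rcode 2; the `authoritative` flag stands in for whatever the server's own configuration uses to switch modes.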


@@ -6,6 +6,10 @@ version 2.79
upstream servers to an interface, rather than SO_BINDTODEVICE.
Thanks to Beniamino Galvani for the patch.
Always return a SERVFAIL answer to DNS queries without the
recusion desired bit set, UNLESS acting as a authoritative
DNS server. This avoids a potential route to cache snooping.
version 2.78
Fix logic of appending ".<layer>" to PXE basename. Thanks to Chris
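Review bot: the new CHANGELOG entry (the three added lines "Always return a SERVFAIL answer ...") has two spelling slips that will ship in the release notes: "recusion desired bit" should read "recursion desired bit", and "a authoritative DNS server" should read "an authoritative DNS server". Since this hunk only touches the CHANGELOG, the behaviour change itself in the other two files is not visible here; it would help reviewers if the entry named the mode switch that selects authoritative operation.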