Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,552 Commits 8 Branches 0 Tags
a914d0aa6a02b06c28d823b5d66eefa011c66e5a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Sung Pae a914d0aa6a Check for SERV_NO_REBIND on unqualified domains 
Hello,

My home network has a DNS search domain of home.arpa and my machine's dnsmasq
instance is configured with:

        server=/home.arpa/192.168.0.1
        server=//192.168.0.1
        stop-dns-rebind
        rebind-domain-ok=home.arpa
        rebind-domain-ok=// # Match unqualified domains

Querying my router's FQDN works as expected:

        dnsmasq: query[A] gateway.home.arpa from 127.0.0.1
        dnsmasq: forwarded gateway.home.arpa to 192.168.0.1
        dnsmasq: reply gateway.home.arpa is 192.168.0.1

But using an unqualified domain name does not:

        dnsmasq: query[A] gateway from 127.0.0.1
        dnsmasq: forwarded gateway to 192.168.0.1
        dnsmasq: possible DNS-rebind attack detected: gateway

The attached patch addresses this issue by checking for SERV_NO_REBIND when
handling dotless domains.

>From 0460b07108b009cff06e29eac54910ec2e7fafce Mon Sep 17 00:00:00 2001
From: guns <self@sungpae.com>
Date: Mon, 30 Dec 2019 16:34:23 -0600
Subject: [PATCH] Check for SERV_NO_REBIND on unqualified domains
2020-01-05 22:07:01 +00:00
bld
Fix Makefile lines generating UBUS linker config.
2018-10-31 21:30:13 +00:00
contrib
Fix systemd unit startup order
2019-10-30 21:50:23 +00:00
dbus
Add --enable-ubus option.
2018-07-21 22:11:08 +01:00
debian
Update copyrights to 2020.
2020-01-05 16:40:06 +00:00
logo
tweak favicon
2012-04-02 20:40:34 +01:00
man
Add warnings and caveats for --proxy-dnssec.
2020-01-05 21:58:00 +00:00
po
Update German translation.
2018-10-06 23:55:12 +01:00
src
Check for SERV_NO_REBIND on unqualified domains
2020-01-05 22:07:01 +00:00
.gitattributes
Add .gitattributes to substitute VERSION on export.
2017-05-12 13:14:17 +01:00
.gitignore
Debian package: add dnsmasq-base-lua binary package.
2018-02-16 19:56:56 +00:00
Android.mk
import of dnsmasq-2.57.tar.gz
2012-01-05 17:31:15 +00:00
CHANGELOG
Add --tftp-single-port option.
2020-01-05 16:21:24 +00:00
CHANGELOG.archive
Spelling fixes.
2018-01-14 17:32:52 +00:00
COPYING
import of dnsmasq-2.0.tar.gz
2012-01-05 17:31:10 +00:00
COPYING-v3
import of dnsmasq-2.41.tar.gz
2012-01-05 17:31:13 +00:00
dnsmasq.conf.example
Example config file fix for CERT Vulnerability VU#598349.
2018-09-26 18:04:38 +01:00
doc.html
Modify doc.html to mention git-over-http is now available.
2017-11-15 21:23:43 +00:00
FAQ
Spelling fixes.
2018-01-14 17:32:52 +00:00
Makefile
Makefile: fix i18n build with ubus
2019-08-16 16:31:41 +01:00
setup.html
Spelling fixes.
2018-01-14 17:32:52 +00:00
trust-anchors.conf
Add forthcoming 2017 root zone trust anchor to trust-anchors.conf.
2017-02-10 21:32:45 +00:00
VERSION
VERSION file
2012-01-05 22:00:08 +00:00
Description
No description provided
17 MiB
Languages
C 94.2%
Perl 2.3%
HTML 1.2%
Shell 1.1%
Makefile 0.6%
Other 0.6%