mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 22:23:27 +00:00
a45f4f50e1
dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for specific hostnames. Clients claiming certain hostnames and thus claiming DNS namespace represent a potential security risk. e.g. a malicious host could claim 'wpad' for itself and redirect other web client requests to it for nefarious purpose. See CERT VU#598349 for more details. Some Samsung TVs are claiming the hostname 'localhost', it is believed not (yet) for nefarious purposes. /usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames in correct syntax to be excluded. e.g. dhcp-name-match=set:dhcp_bogus_hostname,localhost Inclusion of this file is controlled by uci option dhcpbogushostname which is enabled by default. To be absolutely clear, DHCP leases to these requesting hosts are still permitted, but they do NOT get to claim ownership of the hostname itself and hence put into DNS for other hosts to be confused/manipulate by. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
9 lines
340 B
Plaintext
9 lines
340 B
Plaintext
# dhcpbogushostname.conf included configuration file for dnsmasq
|
|
#
|
|
# includes a list of hostnames that should not be associated with dhcp leases
|
|
# in response to CERT VU#598349
|
|
# file included by default, option dhcpbogushostname 0 to disable
|
|
|
|
dhcp-name-match=set:dhcp_bogus_hostname,localhost
|
|
dhcp-name-match=set:dhcp_bogus_hostname,wpad
|