yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1828473] [NEW] Dnsmasq spawned by neutron-dhcp-agent should use bind-dynamic option instead of bind-interfaces

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Slawek Kaplonski <1828473@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 May 2019 21:17:54 -0000
Reply-to: Bug 1828473 <1828473@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

According to warning log from dnsmasq:

May 09 23:08:59 devstack-ubuntu-ovs dnsmasq[27287]: LOUD WARNING: use
--bind-dynamic rather than --bind-interfaces to avoid DNS amplification
attacks via these interface(s)

Option bind-interfaces is available since dnsmasq 2.63
(https://github.com/liquidm/dnsmasq/blob/master/FAQ#L239) and we are
already requiring 2.67 at least so we should change this option in
calling dnsmasq process.

** Affects: neutron
     Importance: Low
     Assignee: Slawek Kaplonski (slaweq)
         Status: Confirmed


** Tags: l3-ipam-dhcp

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1828473

Title:
  Dnsmasq spawned by neutron-dhcp-agent should use bind-dynamic option
  instead of bind-interfaces

Status in neutron:
  Confirmed

Bug description:
  According to warning log from dnsmasq:

  May 09 23:08:59 devstack-ubuntu-ovs dnsmasq[27287]: LOUD WARNING: use
  --bind-dynamic rather than --bind-interfaces to avoid DNS
  amplification attacks via these interface(s)

  Option bind-interfaces is available since dnsmasq 2.63
  (https://github.com/liquidm/dnsmasq/blob/master/FAQ#L239) and we are
  already requiring 2.67 at least so we should change this option in
  calling dnsmasq process.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1828473/+subscriptions

Follow ups

[Bug 1828473] Re: Dnsmasq spawned by neutron-dhcp-agent should use bind-dynamic option instead of bind-interfaces
From: OpenStack Infra, 2019-05-17