yahoo-eng-team team mailing list archive

[OpenStack Infra <1828473@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.opendev.org/658240
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=09ee9347864d731ce7ccf241178559815e82f57c
Submitter: Zuul
Branch:    master

commit 09ee9347864d731ce7ccf241178559815e82f57c
Author: Brian Haley <bhaley@xxxxxxxxxx>
Date:   Thu May 9 22:33:02 2019 -0400

    Use --bind-dynamic with dnsmasq instead of --bind-interfaces
    
    Dnsmasq emits a warning when started in most neutron deployments:
    
    dnsmasq[27287]: LOUD WARNING: use --bind-dynamic rather than
        --bind-interfaces to avoid DNS amplification attacks via
        these interface(s)
    
    Since option --bind-dynamic is available since dnsmasq 2.63
    (https://github.com/liquidm/dnsmasq/blob/master/FAQ#L239) and
    we require 2.67, change to use this option instead.
    
    Change-Id: Id7971bd99b04aca38180ff109f542422b1a925d5
    Closes-bug: #1828473


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1828473

Title:
  Dnsmasq spawned by neutron-dhcp-agent should use bind-dynamic option
  instead of bind-interfaces

Status in neutron:
  Fix Released

Bug description:
  According to warning log from dnsmasq:

  May 09 23:08:59 devstack-ubuntu-ovs dnsmasq[27287]: LOUD WARNING: use
  --bind-dynamic rather than --bind-interfaces to avoid DNS
  amplification attacks via these interface(s)

  Option bind-interfaces is available since dnsmasq 2.63
  (https://github.com/liquidm/dnsmasq/blob/master/FAQ#L239) and we are
  already requiring 2.67 at least so we should change this option in
  calling dnsmasq process.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1828473/+subscriptions