LWN.net

Recursive servers, but not proxy servers, affected.

Posted Jul 9, 2008 10:59 UTC (Wed) by rberger (guest, #52829)
In reply to: Recursive servers, but not proxy servers, affected. by rfunk
Parent article: Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released (Securosis.com)

Apparently, in terms of a fixed query source port, dnsmasq seems to be vulnerable anyway. I
made some tests on my router - running kernel 2.6.25.10 - and the source port dnsmasq used to
forward requests to my ISP's name servers was all the same for several queries.

As I understand it, you can specify a source port via config or command line, or dnsmasq will
pick one randomly at startup. But once it is chosen, it apparently will use it for all queries
from this point on.

Since it doesn't recurse, dnsmasq won't be top priority I guess, as an attacker would have to
spoof one of the ISP's nameservers, which is much more unlikely than spoofing one of the
servers on a recursive resolution path. So I'd be interested in my ISP getting his servers
straight in the first place.

But it would still be nice if this got fixed some time, given the attention this issue draws.
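The following is an added check, not part of the comment above and not code from dnsmasq: it automates the test the commenter describes by reading tcpdump output for queries forwarded to an upstream resolver and reporting how many distinct source ports and transaction IDs the forwarder used. The two captures embedded below are constructed to look like `tcpdump -n udp port 53` output and are not real traffic; the WAN address 198.51.100.7 and the upstream 203.0.113.53 are placeholders.

```python
import re
from collections import Counter

# One tcpdump -n line for an outbound UDP DNS query looks like:
#   "<time> IP <src>.<sport> > <dst>.<dport>: <txid>+ A? name. (len)"
# The "+" after the transaction ID marks recursion-desired, so this
# pattern matches queries only; responses have no "+" and fail to match.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<txid>\d+)\+"
)

# Constructed sample (not a real capture): what a forwarder that chose one
# source port at startup looks like on the router's WAN side. A real capture
# would come from something like: tcpdump -n -i <wan-if> udp port 53
FIXED_PORT_CAPTURE = """\
10:59:01.000001 IP 198.51.100.7.32768 > 203.0.113.53.53: 4321+ A? lwn.net. (25)
10:59:01.000002 IP 203.0.113.53.53 > 198.51.100.7.32768: 4321 1/0/0 A 72.51.34.34 (41)
10:59:02.000001 IP 198.51.100.7.32768 > 203.0.113.53.53: 4322+ A? kernel.org. (28)
10:59:03.000001 IP 198.51.100.7.32768 > 203.0.113.53.53: 4323+ AAAA? kernel.org. (28)
10:59:04.000001 IP 198.51.100.7.32768 > 203.0.113.53.53: 4324+ A? example.com. (29)
10:59:05.000001 IP 198.51.100.7.32768 > 203.0.113.53.53: 4325+ A? example.net. (29)
"""

# Constructed sample (not a real capture): a forwarder that randomizes both
# the source port and the transaction ID per query.
RANDOM_PORT_CAPTURE = """\
10:59:01.000001 IP 198.51.100.7.41203 > 203.0.113.53.53: 17233+ A? lwn.net. (25)
10:59:02.000001 IP 198.51.100.7.58821 > 203.0.113.53.53: 60012+ A? kernel.org. (28)
10:59:03.000001 IP 198.51.100.7.36117 > 203.0.113.53.53: 3391+ AAAA? kernel.org. (28)
10:59:04.000001 IP 198.51.100.7.50044 > 203.0.113.53.53: 44890+ A? example.com. (29)
10:59:05.000001 IP 198.51.100.7.49990 > 203.0.113.53.53: 28701+ A? example.net. (29)
"""


def outbound_queries(capture, upstream):
    """Yield (source_port, txid) for each query line sent to upstream:53.

    Response lines and lines that do not parse are skipped.
    """
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("dst") == upstream and m.group("dport") == "53":
            yield int(m.group("sport")), int(m.group("txid"))


def assess(capture, upstream):
    """Summarize how much the forwarder varies source port and txid.

    A forwarder that picks one port at startup shows a single distinct port
    across many queries; a sequential txid counter shows up as consecutive
    values. Either one shrinks the search space a spoofer has to cover.
    """
    ports = Counter()
    txids = Counter()
    n = 0
    for sport, txid in outbound_queries(capture, upstream):
        ports[sport] += 1
        txids[txid] += 1
        n += 1
    ids = sorted(txids)
    sequential = n > 1 and ids == list(range(ids[0], ids[0] + len(ids)))
    return {
        "queries": n,
        "distinct_ports": len(ports),
        "fixed_source_port": n > 1 and len(ports) == 1,
        "distinct_txids": len(txids),
        "sequential_txids": sequential,
    }


if __name__ == "__main__":
    for name, cap in (("fixed", FIXED_PORT_CAPTURE), ("random", RANDOM_PORT_CAPTURE)):
        print(name, assess(cap, "203.0.113.53"))
```

Five queries is enough to tell a port chosen once at startup from per-query randomization, but it is not enough to judge the quality of a randomizer; for that, capture a few thousand queries and look at the distribution, not just the count of distinct ports.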



Copyright © 2013, Eklektix, Inc.