
Thread: 12.04 running DNSMASQ by default

  1. #11
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: 12.04 running DNSMASQ by default

    Dnsmasq listens only on the localhost interface, so port 53 is not exposed to external hosts. However, a scan of the localhost interface with nmap will show the port is open. This has already caused a couple of folks to be concerned about security.

    This (and the use of resolvconf) is a rather major change in how Ubuntu handles DNS resolution, and one that has yet to get widespread attention. Be prepared to see more queries about this in the weeks ahead as 12.04 becomes more widely disseminated.

    I simply stopped dnsmasq from running (with "sudo service dnsmasq stop") then removed it entirely with apt-get. I use a hand-written resolv.conf file that points to other DNS servers on my network, so pushing all the queries through dnsmasq on localhost wasn't appropriate for my configuration. (Frankly, I think that only a small fraction of users will find the changes in 12.04 beneficial, but that's a separate issue.) I also removed the "dns=dnsmasq" line from NetworkManager.conf as haqking suggests. I found that simply commenting out the line with a hash mark wasn't sufficient to keep resolvconf from rewriting my resolv.conf file. I had to delete the line entirely. YMMV.
    Last edited by SeijiSensei; April 29th, 2012 at 07:30 AM.
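
One way to check the claim in the post above that port 53 is bound to localhost only (an added example, not part of the original thread): the script reads socket tables in the /proc/net/tcp and /proc/net/udp layout and reports whether each listener on port 53 is bound to a loopback address. The sample tables are constructed, the function names are hypothetical, and only IPv4 on a little-endian host (x86, ARM) is handled.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp and /proc/net/udp layout (not captured from
# a real host): listeners on 127.0.0.1:53 plus a wildcard listener on 0.0.0.0:22.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 33333 2
"""

def listeners(table, proto, port=53):
    """Yield (proto, ip) for sockets in a /proc/net table that are bound to `port`."""
    want_state = "0A" if proto == "tcp" else "07"  # TCP LISTEN / UDP unconnected
    for line in table.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != want_state:
            continue
        hex_ip, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        # Assumption: little-endian host, where 127.0.0.1 is printed as 0100007F.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield proto, ip

def classify(ip):
    """'loopback-only' if other hosts cannot reach the bind address, else 'exposed'."""
    return "loopback-only" if ipaddress.ip_address(ip).is_loopback else "exposed"

def audit(tcp_table, udp_table, port=53):
    """Return [(proto, ip, verdict)] for every listener on `port`, firewall rules aside."""
    found = list(listeners(tcp_table, "tcp", port))
    found += list(listeners(udp_table, "udp", port))
    return [(proto, ip, classify(ip)) for proto, ip in found]

if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() and open("/proc/net/udp").read().
    for proto, ip, verdict in audit(SAMPLE_TCP, SAMPLE_UDP):
        print(f"{proto} {ip}:53 -> {verdict}")
```

A "loopback-only" verdict matches what the post describes: a scan of localhost reports the port as open, while a scan from another machine cannot reach it.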

  2. #12
    Join Date
    May 2010
    Beans
    462
    Distro
    Ubuntu Development Release

    Re: 12.04 running DNSMASQ by default

    Actually I have disabled it through the network manager since it is kinda buggy for me to use for my OpenVPN. Thus I do agree as long as dnsmasq does not cache and it is pretty much okay with it.

  3. #13
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: 12.04 running DNSMASQ by default

    OK so it would seem now I am sober...LOL

    So on here https://blueprints.launchpad.net/ubu...-dns-resolving

    The caching issue has been discussed on the whiteboard.

    However, as already stated, there have been a few questions raised about it already, and I imagine a few to come where people scan their own machines and see port 53 "open", such as this thread here

    http://ubuntuforums.org/showthread.php?t=1967131

    At least we now know the workarounds and potential issues should more posts arrive on the subject.

    Peace
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  4. #14
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: 12.04 running DNSMASQ by default

    Thanks for finding that link, Haqking.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #15
    Join Date
    Sep 2011
    Beans
    1,531

    Re: 12.04 running DNSMASQ by default

    I'm still not clear on what this means for the average user. Does anyone know how to determine what the potential security problems are? Or how to assess my risk as an average user?

    I have googled for an answer but the only concerns I have found are in this thread (which has been copied to a bunch of places with no additional discussion beyond what's here).

    The only detailed discussion I have found on the subject is here (also copied in several other places), which simply states that the implementation has changed:
    http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/

    All the remaining sources that discuss dnsmasq in 12.04 only state that it has changed. I haven't found any discussions in the security community about concerns with DNSMASQ in 12.04. I have no idea where else to look for details about potential problems associated with DNSMASQ in 12.04 or how to determine what the threat level is for me as an average user.

  6. #16
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: 12.04 running DNSMASQ by default

    So far it doesn't really cause a security issue because it's not caching, but it does cause other sorts of problems with DNS from what I (and others) have seen around the forums.

  7. #17
    Join Date
    Sep 2011
    Beans
    1,531

    Re: 12.04 running DNSMASQ by default

    Quote, originally posted by CharlesA:
    "...but it does cause other sorts of problems with DNS from what I (and others) have seen around the forums."

    Thanks CharlesA. To be clear, you've seen non-security related issues, correct?

  8. #18
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: 12.04 running DNSMASQ by default

    Quote, originally posted by Ms. Daisy:
    "Thanks CharlesA. To be clear, you've seen non-security related issues, correct?"

    Yep.

  9. #19
    Join Date
    May 2012
    Beans
    52

    Re: 12.04 running DNSMASQ by default

    The discussion here is dead on point on some questions I had in two other threads. This is 1000% dif than the way you tinker with DNS resolution in doze.

    I'm trying to achieve two things:

    1) ALL DNS resolution going through OpenDNS.org.

    2) Managing a subscription to a VPN service with multiple servers.

    Should I disable / rm dnsmasq?

    wacky_sung, could you elaborate a little on the VPN issue? My subscription is compatible with any open VPN client. I opened another thread asking for rec's on a good client / GUI. But, what are the bugs under the hood in regards to DNS resolution?

    I know where / how to plug OpenDNS in to doze. But no idea where / how to plug it in to UB. And all the stuff I'm finding in my research is related to setting up a network to use your own DNS server rather than setting up a desktop to use a remote DNS server.
    Last edited by computeratin; May 11th, 2012 at 04:32 PM. Reason: clarification

  10. #20
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: 12.04 running DNSMASQ by default

    Just disable DNSMASQ and tell the machine to use OpenDNS's servers either via DHCP or by setting them statically in /etc/network/interfaces.
