openwrtv4/package/network/services
Kevin Darbyshire-Bryant a45f4f50e1 dnsmasq: add dhcp-ignore-names support - CERT VU#598349
dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for
specific hostnames.  Clients claiming certain hostnames and thus
claiming DNS namespace represent a potential security risk. e.g. a
malicious host could claim 'wpad' for itself and redirect other web
client requests to it for nefarious purpose. See CERT VU#598349 for more
details.

Some Samsung TVs are claiming the hostname 'localhost', it is believed
not (yet) for nefarious purposes.

/usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames
in correct syntax to be excluded. e.g.

dhcp-name-match=set:dhcp_bogus_hostname,localhost

Inclusion of this file is controlled by uci option dhcpbogushostname
which is enabled by default.

To be absolutely clear, DHCP leases to these requesting hosts are still
permitted, but they do NOT get to claim ownership of the hostname
itself and hence put into DNS for other hosts to be confused/manipulate by.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-09 09:45:16 +01:00
..
dnsmasq dnsmasq: add dhcp-ignore-names support - CERT VU#598349 2018-10-09 09:45:16 +01:00
dropbear dropbear: Install /etc/config as 600 2018-09-19 09:41:28 +01:00
ead ead: use new protocol setting API since libpcap 1.9.0 2018-07-27 11:17:20 +02:00
hostapd hostapd: add acs feature indication 2018-09-29 17:23:11 +02:00
igmpproxy igmpproxy: drop SSDP packets 2018-07-30 10:43:36 +02:00
ipset-dns ipset-dns: bump to git HEAD 2017-10-08 20:51:03 +03:00
lldpd package/lldp: don't link against libbsd on !USE_GLIBC builds 2018-10-05 00:44:55 +02:00
odhcpd odhcpd: update to latest git HEAD (FS#1853) 2018-10-07 15:11:36 +02:00
omcproxy omcproxy: silence fw3 warnings 2018-01-10 21:38:55 +01:00
openvpn treewide: Bump PKG_RELEASE due to mbedtls update 2018-07-30 10:35:12 +02:00
openvpn-easy-rsa openvpn-easy-rsa: update to 3.0.4 2018-07-30 10:43:38 +02:00
ppp ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values 2018-08-30 15:19:45 +02:00
relayd treewide: replace LEDE_GIT with PROJECT_GIT 2018-01-10 21:27:32 +01:00
samba36 samba36: Enable umdnsd support 2018-08-22 11:23:02 +02:00
uhttpd uhttpd: support multiple Lua prefixes 2018-08-23 09:18:04 +02:00
umdns treewide: replace LEDE_GIT with PROJECT_GIT 2018-01-10 21:27:32 +01:00
wireguard wireguard: bump to 0.0.20181007 2018-10-09 09:11:58 +01:00