Date: Fri, 03 May 2024 16:07:30 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 278721] ldns uses nameserver commented out resolv.conf (host, drill)
Message-ID: <bug-278721-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278721

    Bug ID: 278721
    Summary: ldns uses nameserver commented out resolv.conf (host, drill)
    Product: Base System
    Version: 13.3-RELEASE
    Hardware: Any
    URL: https://github.com/NLnetLabs/ldns/issues/237
    OS: Any
    Status: New
    Severity: Affects Some People
    Priority: ---
    Component: bin
    Assignee: bugs@FreeBSD.org
    Reporter: grembo@FreeBSD.org
    CC: des@FreeBSD.org, emaste@freebsd.org

Given this innocent /etc/resolv.conf:

    # Generated by resolvconf
    # nameserver 192.168.1.1

    # nameserver 8.8.8.8
    nameserver 127.0.0.1
    options edns0

(the third line needs to be empty)

ldns actually sends requests to google DNS.

Stripped down example:

    cat >/etc/resolv.conf <<EOF
    # g
    # nameserver 8.8.8.8
    EOF
    drill www.google.com
    host www.google.com

(there is no resolver running on localhost)

This problem can lead to information leakage and (which hit me) break our
setup, where local_unbound is serving a private zone, but google was
contacted instead.

Filed upstream, more details (and suggested solutions) can be found here:

https://github.com/NLnetLabs/ldns/issues/237

CCed des and emaste, as they did the last import of ldns in 13.3

-- 
You are receiving this mail because:
You are the assignee for the bug.
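
Added example, not part of the bug report or of ldns: a POSIX shell check that reads resolv.conf by the resolv.conf(5) comment rule and flags a drill answer whose server appears only on a commented-out nameserver line. The function names are hypothetical, the sample file is the resolv.conf from the report, and the `;; SERVER:` line fed to it in testing is constructed.

```shell
#!/bin/sh
# Added example, not part of the bug report. Function names are hypothetical.

# Addresses on real "nameserver" lines. Per resolv.conf(5) the keyword must
# start the line, and a line starting with '#' or ';' is a comment.
active_nameservers() {
    awk '/^nameserver[ \t]+/ && NF >= 2 { print $2 }' "$1"
}

# Addresses that appear only on commented-out "nameserver" lines.
commented_nameservers() {
    awk '/^[#;]/ { sub(/^[#;]+[ \t]*/, "")
                   if ($1 == "nameserver" && NF >= 2) print $2 }' "$1"
}

# Server that answered, taken from the ";; SERVER:" line of drill output (stdin).
drill_server() {
    awk '$1 == ";;" && $2 == "SERVER:" { print $3; exit }'
}

# check_drill FILE: reads drill output on stdin and classifies the server.
#   OK       (status 0)  server is an active nameserver in FILE
#   LEAK     (status 1)  server appears only in a comment in FILE
#   UNKNOWN  (status 2)  server is not mentioned in FILE at all
check_drill() {
    srv=$(drill_server)
    if active_nameservers "$1" | grep -Fxq -- "$srv"; then
        echo "OK $srv"
    elif commented_nameservers "$1" | grep -Fxq -- "$srv"; then
        echo "LEAK $srv"; return 1
    else
        echo "UNKNOWN $srv"; return 2
    fi
}

# Constructed sample: the resolv.conf from the report (third line empty).
write_sample() {
    printf '%s\n' '# Generated by resolvconf' '# nameserver 192.168.1.1' '' \
        '# nameserver 8.8.8.8' 'nameserver 127.0.0.1' 'options edns0' > "$1"
}

# Live use: drill www.google.com | check_drill /etc/resolv.conf
```

A LEAK result on a host means queries are leaving for a resolver the administrator believed was disabled, which is the information-leakage case the report describes.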