diff options
Diffstat (limited to 'package')
| -rw-r--r-- | package/dnsmasq/Makefile | 2 | ||||
| -rw-r--r-- | package/dnsmasq/files/dhcp.conf | 5 | ||||
| -rw-r--r-- | package/dnsmasq/files/dnsmasq.init | 23 |
3 files changed, 28 insertions, 2 deletions
diff --git a/package/dnsmasq/Makefile b/package/dnsmasq/Makefile index 987bc4088..852b126fc 100644 --- a/package/dnsmasq/Makefile +++ b/package/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.55 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/dnsmasq/files/dhcp.conf b/package/dnsmasq/files/dhcp.conf index 25ecde6f5..c79458fb2 100644 --- a/package/dnsmasq/files/dhcp.conf +++ b/package/dnsmasq/files/dhcp.conf @@ -1,8 +1,11 @@ config dnsmasq option domainneeded 1 option boguspriv 1 - option filterwin2k '0' #enable for dial on demand + option filterwin2k 0 # enable for dial on demand option localise_queries 1 + option rebind_protection 1 # disable if upstream must serve RFC1918 addresses + option rebind_localhost 0 # enable for RBL checking and similar services + #list rebind_domain example.lan # whitelist RFC1918 responses for domains option local '/lan/' option domain 'lan' option expandhosts 1 diff --git a/package/dnsmasq/files/dnsmasq.init b/package/dnsmasq/files/dnsmasq.init index 9bf89fa6d..49291a5c8 100644 --- a/package/dnsmasq/files/dnsmasq.init +++ b/package/dnsmasq/files/dnsmasq.init @@ -99,6 +99,29 @@ dnsmasq() { config_get hostsfile "$cfg" dhcphostsfile [ -e "$hostsfile" ] && append args "--dhcp-hostsfile=$hostsfile" + + local rebind + config_get_bool rebind "$cfg" rebind_protection 1 + [ $rebind -gt 0 ] && { + logger -t dnsmasq \ + "DNS rebinding protection is active," \ + "will discard upstream RFC1918 responses!" + append args "--stop-dns-rebind" + + local rebind_localhost + config_get_bool rebind_localhost "$cfg" rebind_localhost 0 + [ $rebind_localhost -gt 0 ] && { + logger -t dnsmasq "Allowing 127.0.0.0/8 responses" + append args "--rebind-localhost-ok" + } + + append_rebind_domain() { + logger -t dnsmasq "Allowing RFC1918 responses for domain $1" + append args "--rebind-domain-ok=$1" + } + + config_list_foreach "$cfg" rebind_domain append_rebind_domain + } } dhcp_subscrid_add() { |