Use --bind-dynamic with dnsmasq instead of --bind-interfaces
Dnsmasq emits a warning when started in most neutron deployments:

dnsmasq[27287]: LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)

The --bind-dynamic option has been available since dnsmasq 2.63 (https://github.com/liquidm/dnsmasq/blob/master/FAQ#L239) and we require 2.67, so change to use this option instead.

Change-Id: Id7971bd99b04aca38180ff109f542422b1a925d5
Closes-bug: #1828473
parent
bd3d85807c
commit
09ee934786
@ -354,14 +354,10 @@ class Dnsmasq(DhcpLocalProcess):
|
||||
'--dhcp-match=set:ipxe,175',
|
||||
'--dhcp-userclass=set:ipxe6,iPXE',
|
||||
'--local-service',
|
||||
'--bind-dynamic',
|
||||
]
|
||||
if self.device_manager.driver.bridged:
|
||||
if not self.device_manager.driver.bridged:
|
||||
cmd += [
|
||||
'--bind-interfaces',
|
||||
]
|
||||
else:
|
||||
cmd += [
|
||||
'--bind-dynamic',
|
||||
'--bridge-interface=%s,tap*' % self.interface_name,
|
||||
]
|
||||
|
||||
|
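Review bot: The now-unconditional `'--bind-dynamic'` entry in the base `cmd` list carries no comment, although it is a security-motivated choice that a later edit could easily revert. In this mode dnsmasq also starts listening on interfaces and addresses that appear after start-up, so what it answers on is bounded by the interface-selection options such as `--interface`/`--except-interface`. Those are built outside this hunk, and it is worth confirming they are still passed for both the bridged and non-bridged cases. I would add above the entry: `# --bind-dynamic (dnsmasq >= 2.63): --bind-interfaces triggers dnsmasq's DNS-amplification warning`. The method that builds `cmd` starts and ends outside the hunk.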
@ -1260,7 +1260,8 @@ class TestDnsmasq(TestBase):
|
||||
def _test_spawn(self, extra_options, network=FakeDualNetwork(),
|
||||
max_leases=16777216, lease_duration=86400,
|
||||
has_static=True, no_resolv='--no-resolv',
|
||||
has_stateless=True, dhcp_t1=0, dhcp_t2=0):
|
||||
has_stateless=True, dhcp_t1=0, dhcp_t2=0,
|
||||
bridged=True):
|
||||
def mock_get_conf_file_name(kind):
|
||||
return '/dhcp/%s/%s' % (network.id, kind)
|
||||
|
||||
@ -1281,8 +1282,12 @@ class TestDnsmasq(TestBase):
|
||||
'--dhcp-match=set:ipxe,175',
|
||||
'--dhcp-userclass=set:ipxe6,iPXE',
|
||||
'--local-service',
|
||||
'--bind-interfaces',
|
||||
'--bind-dynamic',
|
||||
]
|
||||
if not bridged:
|
||||
expected += [
|
||||
'--bridge-interface=tap0,tap*'
|
||||
]
|
||||
|
||||
seconds = ''
|
||||
if lease_duration == -1:
|
||||
@ -1356,6 +1361,11 @@ class TestDnsmasq(TestBase):
|
||||
def test_spawn(self):
|
||||
self._test_spawn(['--conf-file=', '--domain=openstacklocal'])
|
||||
|
||||
def test_spawn_not_bridged(self):
|
||||
self.mock_mgr.return_value.driver.bridged = False
|
||||
self._test_spawn(['--conf-file=', '--domain=openstacklocal'],
|
||||
bridged=False)
|
||||
|
||||
def test_spawn_infinite_lease_duration(self):
|
||||
self.conf.set_override('dhcp_lease_duration', -1)
|
||||
self._test_spawn(['--conf-file=', '--domain=openstacklocal'],
|
||||
|
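Review bot: `test_spawn_not_bridged` has to flip two switches that must agree: `self.mock_mgr.return_value.driver.bridged = False` and the new `bridged=False` argument. The default `bridged=True` path presumably relies on the mocked `driver.bridged` attribute being truthy rather than on an explicitly set value. Letting the helper own the setting, e.g. `self.mock_mgr.return_value.driver.bridged = bridged` near the top of `_test_spawn`, would keep the expected option list and the code under test from drifting apart. `_test_spawn`'s body continues outside the hunks shown, so the exact placement depends on where the mock is configured.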