
Bug#343140: resolver uses the search list before other address families



Hi,

I think that this bug (#343140) could also be a security problem.

Indeed, lots of IPv6 DNS queries related to internal hosts are then blindly
forwarded to the root servers or to bind's "forwarders". So someone on the
Internet will be able to discover your LAN hosts.

To stop this information leak there could be a few solutions:
- tell the libc6 not to try IPv6 DNS queries, or to try IPv4 before IPv6
(resolv.conf option?)
- or configure bind to filter IPv6 queries
- or find a nice iptables rule which stops IPv6 queries.

Cheers,

  Ludovic.

-- 
http://www.palmopensource.com	- The PalmOS open source portal
http://www.drolez.com		- Personal site
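
Added example, not part of the original message: a Python check over BIND query-log lines that counts AAAA queries for known internal host names that fall outside the locally served zones, which are the queries a server would pass to its forwarders or the root servers. The zone `lan`, the host names, the client addresses and the log lines are constructed, and the regex assumes the `query: <name> IN <type>` form written by BIND 9 query logging.

```python
import re
from collections import Counter

# Matches the client address and the "query: <name> IN <type>" part of a
# BIND 9 query-log line; other fields differ between versions and are skipped.
QUERY_RE = re.compile(
    r"client\s+(?:@\S+\s+)?([0-9A-Fa-f.:]+)#\d+.*?query:\s+(\S+)\s+IN\s+(\S+)"
)

def leaked_queries(lines, local_zones, internal_hosts, qtypes=("AAAA",)):
    """Count (client, name) pairs where an internal host name was queried
    outside every zone this server answers for itself."""
    zones = [z.lower().strip(".") for z in local_zones]
    hosts = {h.lower() for h in internal_hosts}
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line
        client = m.group(1)
        name = m.group(2).lower().rstrip(".")
        if m.group(3).upper() not in qtypes:
            continue
        if any(name == z or name.endswith("." + z) for z in zones):
            continue  # answered locally, never leaves the LAN
        if name.split(".")[0] in hosts:
            hits[(client, name)] += 1  # internal name sent upstream
    return hits

# Constructed sample input (not taken from a real server).
SAMPLE_LOG = """\
client 192.168.1.20#32771: query: fileserver.lan IN AAAA +
client 192.168.1.20#32772: query: fileserver IN AAAA +
client 192.168.1.20#32773: query: fileserver.lan IN A +
client 192.168.1.21#32780: query: www.debian.org IN AAAA +
client 192.168.1.22#32790: query: printer IN AAAA +
client 192.168.1.22#32791: query: printer. IN AAAA +
""".splitlines()

if __name__ == "__main__":
    found = leaked_queries(SAMPLE_LOG, ["lan"], ["fileserver", "printer"])
    for (client, name), count in found.most_common():
        print(f"{count:3d}  {client:15s}  {name}")
```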


