Default-dns method using host resolv.conf can leak internal names to VM
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Juniper Openstack | Status tracked in Trunk | |||||
| Trunk |
In Progress
|
High
|
Sergey Matov | |||
| Ubuntu |
Confirmed
|
Undecided
|
Unassigned | |||
Bug Description
Hello.
If default-dns used as network dns method we are using /etc/resolv.conf file of corresponding host in order to fetch nameservers list as forwarders for requests. In several cases this might be a security issue if internal DNS of compute node configured to serve internal names resolution.
Steps to reproduce:
0. If there is any interlan DNS running inside management network of cluster/cloud find a domain name that is visible only via this network OR can be visible via external world but "nslookup <name>" and "nslookup <name> 8.8.8.8" shows different IP in response
1. Setup default-dns method for network
2. Boot VM
3. Run nslookup to server defined in step 0
4. Response will show internal address.
For public cloud providers it's might be not good to let users having this kind of information.
| information type: | Proprietary → Public |
| Changed in juniperopenstack: | |
| assignee: | nobody → Sergey Matov (smatov) |
| tags: | added: config |
| OpenContrail Admin (ci-admin-f) wrote [Review update] master | #1 |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in ubuntu: | |
| status: | New → Confirmed |
Review in progress for https:/
Submitter: Sergey Matov (<email address hidden>)