Default-dns method using host resolv.conf can leak internal names to VM
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Juniper Openstack | Status tracked in Trunk | | |
Trunk | In Progress | High | Sergey Matov |
Ubuntu | Confirmed | Undecided | Unassigned |
Bug Description
Hello.
If default-dns is used as the network DNS method, we use the /etc/resolv.conf file of the corresponding host to fetch the nameserver list as forwarders for requests. In several cases this might be a security issue if the internal DNS of the compute node is configured to serve internal name resolution.
Steps to reproduce:
0. If there is any internal DNS running inside the management network of the cluster/cloud, find a domain name that is visible only via this network OR is visible via the external world but "nslookup <name>" and "nslookup <name> 8.8.8.8" show different IPs in response
1. Set up the default-dns method for the network
2. Boot VM
3. Run nslookup to server defined in step 0
4. Response will show internal address.
For public cloud providers it might not be good to let users have this kind of information.
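A defender-side check for the condition described above, added here as an example and not code from the Contrail project or this bug's fix: it parses a compute node's resolv.conf, flags any forwarder that lives in private, loopback or link-local space (the forwarders that typically answer internal names), and encodes the step 0 comparison of host-resolver versus public-resolver answers as a function. The resolv.conf content and the address lists are constructed samples; nothing here queries a live resolver.

```python
import ipaddress

# Constructed sample resolv.conf for a compute node (not taken from the page).
SAMPLE_RESOLV_CONF = """\
# generated by the provisioning tool (constructed sample)
search mgmt.example.internal
nameserver 10.0.0.53
nameserver 8.8.8.8
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_domains) from resolv.conf-style text.

    Comments starting with '#' or ';' are ignored, as libc's resolver does.
    """
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        key, args = parts[0], parts[1:]
        if key == 'nameserver' and args:
            nameservers.append(args[0])
        elif key in ('search', 'domain'):
            search.extend(args)
    return nameservers, search


def is_internal_forwarder(addr):
    """True if addr is private (RFC 1918 / ULA), loopback or link-local.

    Such a forwarder is reachable only from the host's network and is the
    kind that serves internal names a tenant VM should not learn about.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def audit_forwarders(text):
    """Summarise which resolv.conf nameservers would leak internal names if
    used as default-dns forwarders for tenant VMs."""
    nameservers, search = parse_resolv_conf(text)
    internal = [ns for ns in nameservers if is_internal_forwarder(ns)]
    return {
        'nameservers': nameservers,
        'search_domains': search,
        'internal_forwarders': internal,
        'leak_risk': bool(internal),
    }


def split_horizon_detected(host_answers, public_answers):
    """Step 0 of the reproduction: the same name resolving to different
    addresses via the host's resolver and via a public resolver."""
    return set(host_answers) != set(public_answers)


if __name__ == '__main__':
    report = audit_forwarders(SAMPLE_RESOLV_CONF)
    print(report)
    # Constructed answers for one name: host resolver vs 8.8.8.8.
    print(split_horizon_detected(['10.1.2.3'], ['203.0.113.7']))
```

Run it against a real compute node's /etc/resolv.conf to see whether the default-dns forwarders would expose an internal resolver; a non-empty `internal_forwarders` list is the condition the bug describes.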
information type: | Proprietary → Public |
Changed in juniperopenstack: | |
assignee: | nobody → Sergey Matov (smatov) |
tags: | added: config |
Review in progress for https://review.opencontrail.org/38457
Submitter: Sergey Matov (<email address hidden>)