Comment 5 for bug 1501206

Mark McClain (markmcclain) wrote :

In the scenario outlined above, using DHCP on a publicly routable network is a known limitation of the current setup. dnsmasq is not a recursive resolver (it's a forwarder). We should tighten the rules and I would be happy to work on it unless someone has a patch already.

The question is whether the bug should be embargoed. I'd lean towards working on this in the open since it is an easily discoverable situation and known limitation of using the DHCP service on a public segment. I don't believe that sharing this information with others would lead to increased DNS attacks on existing deployments since scanning tools already exist to find vulnerable DNS servers. Once a fix is available in stable branches, we should notify interested parties.