shadowsocks / ChinaDNS

Protect yourself against DNS poisoning in China.
GNU General Public License v3.0

ChinaDNS listens to 0.0.0.0 by default, which includes the WAN interface #70

Closed mclee closed 9 years ago

mclee commented 9 years ago

If the router has a publicly accessible IP, then the ChinaDNS server will be open for probing. Will you consider implementing something like "--local-service" that dnsmasq does?

It seems like by enabling this, dnsmasq will only answer DNS queries from hosts whose address is on a local subnet.

cpktpoetkxwz commented 9 years ago

Use option -b to specify the binding address.

mclee commented 9 years ago

@Pentiumluyu You probably didn't get my point. Take dnsmasq for example. It already has options like -a or -z to specify the address / interface. But by providing an option --local-service, default installs can rest assured without knowing specifically which addresses or interface the user will be using for local queries.

Of course it's only a suggestion, but I think it's something worth mentioning.

clowwindy commented 9 years ago

Currently we only offer packages for OpenWRT, which has a default reject rule on its wan interface.
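The source-address check that the "--local-service" suggestion in this thread describes, as an added example in C; it is not ChinaDNS or dnsmasq code. The names `local_net`, `parse_cidr` and `source_is_local` are hypothetical, and the interface table is constructed inline (a daemon would fill it from getifaddrs(3) and pass the address returned by recvfrom).

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One IPv4 network attached to a local interface, in host byte order. */
struct local_net { uint32_t addr, mask; };

/* Parse "a.b.c.d/len" into *out. Returns 0 on success, -1 on bad input. */
int parse_cidr(const char *cidr, struct local_net *out)
{
    char ip[INET_ADDRSTRLEN], extra;
    unsigned len;
    struct in_addr a;

    if (sscanf(cidr, "%15[0-9.]/%u%c", ip, &len, &extra) != 2 || len > 32)
        return -1;                      /* missing or oversized prefix, or trailing junk */
    if (inet_pton(AF_INET, ip, &a) != 1)
        return -1;
    out->mask = len ? 0xFFFFFFFFu << (32 - len) : 0;   /* /0 handled separately */
    out->addr = ntohl(a.s_addr) & out->mask;
    return 0;
}

/* Return 1 if the query source lies in one of the local subnets, else 0. */
int source_is_local(const char *src_ip, const struct local_net *nets, size_t n)
{
    struct in_addr a;
    uint32_t src;

    if (inet_pton(AF_INET, src_ip, &a) != 1)
        return 0;                       /* unparsable source: do not answer */
    src = ntohl(a.s_addr);
    for (size_t i = 0; i < n; i++)
        if ((src & nets[i].mask) == nets[i].addr)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed interface table: a LAN bridge and loopback. */
    struct local_net nets[2];
    parse_cidr("192.168.1.1/24", &nets[0]);
    parse_cidr("127.0.0.1/8", &nets[1]);
    printf("192.168.1.50 -> %d\n", source_is_local("192.168.1.50", nets, 2));
    printf("198.51.100.7 -> %d\n", source_is_local("198.51.100.7", nets, 2));
    return 0;
}
```

If the table is built from every interface, the WAN interface's own subnet counts as local too, so hosts sharing that subnet are still answered. A firewall reject rule on the WAN side, or binding with -b, covers that case.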