https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278721
Bug ID: 278721
Summary: ldns uses nameserver commented out resolv.conf (host, drill)
Product: Base System
Version: 13.3-RELEASE
Hardware: Any
URL: https://github.com/NLnetLabs/ldns/issues/237
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: b...@freebsd.org
Reporter: gre...@freebsd.org
CC: d...@freebsd.org, ema...@freebsd.org

Given this innocent /etc/resolv.conf:

    # Generated by resolvconf
    # nameserver 192.168.1.1

    # nameserver 8.8.8.8
    nameserver 127.0.0.1
    options edns0

(the third line needs to be empty)

ldns actually sends requests to google DNS.

Stripped down example:

    cat >/etc/resolv.conf <<EOF
    # g
    # nameserver 8.8.8.8
    EOF
    drill www.google.com
    host www.google.com

(there is no resolver running on localhost)

This problem can lead to information leakage and (which hit me) break our setup, where local_unbound is serving a private zone, but google was contacted instead.

Filed upstream, more details (and suggested solutions) can be found here:
https://github.com/NLnetLabs/ldns/issues/237

CCed des and emaste, as they did the last import of ldns in 13.3
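A way to detect the behaviour reported above on a host, as an added example that is not part of the bug report and is not ldns or FreeBSD code: compute the nameservers that resolv.conf actually configures and compare them with the server named in drill's `;; SERVER:` footer. The function names, the sample drill footer and the 127.0.0.1 fallback (the resolv.conf(5) default when no nameserver entry is present) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the nameservers a resolv.conf configures, one per line.
# Only lines that begin with the keyword count, so '#' and ';' comment
# lines can never match. With no active entry, fall back to 127.0.0.1
# (assumed default, per resolv.conf(5)).
active_nameservers() {
    awk '/^nameserver[ \t]+[^ \t]/ { print $2; n++ }
         END { if (!n) print "127.0.0.1" }' "$@"
}

# Extract the answering server from drill output (";; SERVER: <addr>").
drill_server() {
    printf '%s\n' "$1" | awk '$1 == ";;" && $2 == "SERVER:" { print $3; exit }'
}

# check_resolver <resolv.conf> <drill output>
# 0: drill used a configured server, 1: it did not, 2: no SERVER line found.
check_resolver() {
    used=$(drill_server "$2")
    [ -n "$used" ] || return 2
    active_nameservers "$1" | grep -Fqx -- "$used"
}

# Constructed sample: the resolv.conf from the report (third line empty)
# and a constructed drill footer naming the commented-out server.
SAMPLE_CONF='# Generated by resolvconf
# nameserver 192.168.1.1

# nameserver 8.8.8.8
nameserver 127.0.0.1
options edns0'
SAMPLE_DRILL=';; Query time: 12 msec
;; SERVER: 8.8.8.8'

demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_CONF" > "$tmp"
    if check_resolver "$tmp" "$SAMPLE_DRILL"; then
        echo "ok: drill used a configured nameserver"
    else
        echo "MISMATCH: drill used $(drill_server "$SAMPLE_DRILL"), configured: $(active_nameservers "$tmp" | tr '\n' ' ')"
    fi
    rm -f "$tmp"
}
demo
```

On a live system, pass the real file and captured output instead, for example `check_resolver /etc/resolv.conf "$(drill www.google.com)"`.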