On Tue, Feb 18, 2003 at 04:11:14PM +0100, Volker Stolz wrote:
> In local.freebsd-hackers, you wrote:
> > We've recently found a problem with dhclient that can DoS a DHCP
> > server. If you have schg flags set on /etc/resolv.conf to stop dhcp
> > overwriting your existing nameservers, the problem occurs.
> > Basically, the client just keeps rejecting the IP details it has
> > received from the server and requesting another. The server marks the
> > record as used, and moves onto the next one. Over the course of a couple
> > of minutes, you can pretty much mark an entire class C as in use.
>
> The problem of read-only resolv.conf is already documented in the PR
> database and I think recently somebody started thinking about a solution.
> Check http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/38778
>
> That the server runs out of IPs is probably his own fault. It
> should be configured to not eat up all IPs when a host which already
> has obtained a lease requests another one but simply hand out the old
> one or deny the request...
>
> Stijn: Could you add your suggestion to the above PR?

Well I could but it's a workaround -- dhclient should imho be made not
to fail when it cannot write /etc/resolv.conf. That's a separate issue
from being able to set the contents of the newly written resolv.conf,
which is essentially what the supersede option does. All I was trying to
say was that there already is a solution for keeping your own nameservers
in /etc/resolv.conf.
That said, I will add some words to this effect to the PR.
--Stijn
--
The rain it raineth on the just
And also on the unjust fella,
But chiefly on the just, because
The unjust steals the just's umbrella.

