Bug #3483

closed

DHCP server - lack of implicit values validation

Added by Doktor Notor over 10 years ago. Updated over 10 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: DHCP (IPv4)
Target version:
Start date: 02/24/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

1/ Put some IPv6 IPs as DNS servers into System - General Setup
2/ Disable DNS forwarder
3/ Configure some DHCPv4 pool, leaving the DNS servers empty.

Result: DHCP server does not run at all, due to putting the IPv6 DNS servers into DHCPv4 config file.

https://forum.pfsense.org/index.php/topic,73022.0.html
https://forum.pfsense.org/index.php/topic,73026.0.html

Actions #1

Updated by Bryan Paradis over 10 years ago

There was a fix implemented for the same sort of thing happening with DNS zones here that seems to strip off any bad ones or IPv6.

https://redmine.pfsense.org/issues/3015
https://redmine.pfsense.org/projects/pfsense/repository/revisions/9399370b367df7b73b84d605f4f44599c93b0bbe/diff/etc/inc/services.inc

Actions #3

Updated by Phillip Davis over 10 years ago

And also, if you have DNS Forwarder disabled, no DNS servers specified on the DHCPv4 page, and no IPv4 DHCP servers on System->General Setup, then no name server line is written to the DHCPv4 conf file (dhcpd.conf).
That has to be the expected behavior - the system has no IPv4 DNS available to it, so it can't tell IPv4 clients any DNS server IP address(es).
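
The behavior discussed in this issue, as an added PHP sketch (not pfSense's actual services.inc code; the function names `ipv4_dns_servers` and `dhcpd_dns_line` are hypothetical). It assumes the DNS forwarder is disabled, so the pool's own servers are used first and the System->General Setup list is the fallback; only IPv4 addresses survive, and no line is produced when none remain.

```php
<?php
// Added illustration; function names are hypothetical, not pfSense's.

/**
 * Keep only syntactically valid IPv4 addresses, preserving order and
 * dropping blanks, duplicates, IPv6 addresses and malformed values.
 */
function ipv4_dns_servers(array $candidates): array
{
    $out = [];
    foreach ($candidates as $addr) {
        $addr = trim((string)$addr);
        if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
            && !in_array($addr, $out, true)) {
            $out[] = $addr;
        }
    }
    return $out;
}

/**
 * Build the dhcpd.conf DNS option line for a DHCPv4 pool.
 * Assumed precedence: servers set on the pool, else the system-wide list.
 * Returns '' when no IPv4 server is available, so nothing is written.
 */
function dhcpd_dns_line(array $poolServers, array $systemServers): string
{
    $servers = ipv4_dns_servers($poolServers);
    if (!$servers) {
        // Pool left empty: fall back to the implicit system-wide values,
        // which must be validated just like explicit ones.
        $servers = ipv4_dns_servers($systemServers);
    }
    if (!$servers) {
        return '';
    }
    return "\toption domain-name-servers " . implode(',', $servers) . ";\n";
}

// Constructed sample input: a system-wide list mixing IPv6, IPv4 and junk.
$system = ['2001:db8::53', '192.0.2.53', 'not-an-ip', '198.51.100.53'];

echo dhcpd_dns_line([], $system);              // mixed list, pool empty
var_dump(dhcpd_dns_line([], ['2001:db8::53'])); // IPv6-only system list
```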

Actions #4

Updated by Bryan Paradis over 10 years ago

Phillip Davis wrote:

And also, if you have DNS Forwarder disabled, no DNS servers specified on the DHCPv4 page, and no IPv4 DHCP servers on System->General Setup, then no name server line is written to the DHCPv4 conf file (dhcpd.conf).
That has to be the expected behavior - the system has no IPv4 DNS available to it, so it can't tell IPv4 clients any DNS server IP address(es).

You beat me to coding it :) Was just getting ready to work on this!

Actions #5

Updated by Phillip Davis over 10 years ago

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

Actions #6

Updated by Bryan Paradis over 10 years ago

Phillip Davis wrote:

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

vpn_l2tp_configure()

The process seems to load up fine even with an IPv6 DNS server in the mpd4 conf file. I looked at the mpd4 and mpd5 manuals and there is no mention of IPv6 in the IPCP layer until version 5. We are running version 4 currently at least.

So no, it doesn't error out when there is an IPv6 DNS in the general system setup, but does the IPv6 DNS entry work? I doubt it, but I am not sure and can't test further right now.

Just to note, it takes the first two servers only, I think, as it adds the router LAN and then the first DNS server, it seems.

Actions #7

Updated by Bryan Paradis over 10 years ago

Phillip Davis wrote:

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

vpn_pppoe_configure()

Seems like the same thing based on mpd4 again. So doubt it knows what to do with it but doesn't appear to error out the process.

Actions #8

Updated by Phillip Davis over 10 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #10

Updated by Ermal Luçi over 10 years ago

Actions #11

Updated by Ermal Luçi over 10 years ago

Actions #12

Updated by Chris Buechler over 10 years ago

  • Status changed from Feedback to Resolved