Bug #3483

DHCP server - lack of implicit values validation

Added by Doktor Notor over 7 years ago. Updated over 7 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: DHCP (IPv4)
Target version:
Start date: 02/24/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: All
Affected Architecture:

Description

1/ Put some IPv6 IPs as DNS servers into System - General Setup
2/ Disable DNS forwarder
3/ Configure some DHCPv4 pool, leaving the DNS servers empty.

Result: DHCP server does not run at all, due to putting the IPv6 DNS servers into DHCPv4 config file.

https://forum.pfsense.org/index.php/topic,73022.0.html
https://forum.pfsense.org/index.php/topic,73026.0.html

Associated revisions

Revision 3ad6b569 (diff)
Added by Phillip Davis over 7 years ago

Fix #3483 only use IPv4 DNS servers in DHCP v4 conf

Revision 6a201696 (diff)
Added by Phillip Davis over 7 years ago

Fix #3483 only use IPv4 DNS servers in DHCP v4 conf

Version for 2.1 branch

Revision 042436e8
Added by Ermal Luçi over 7 years ago

Merge pull request #970 from phil-davis/master

Fix #3483 only use IPv4 DNS servers in DHCP v4 conf

Revision a63f8ba8
Added by Ermal Luçi over 7 years ago

Merge pull request #971 from phil-davis/RELENG_2_1

Fix #3483 only use IPv4 DNS servers in DHCP v4 conf

History

#1 Updated by Bryan Paradis over 7 years ago

There was a fix implemented for the same sort of thing happening with DNS zones here that seems to strip off any bad ones or IPv6.

https://redmine.pfsense.org/issues/3015
https://redmine.pfsense.org/projects/pfsense/repository/revisions/9399370b367df7b73b84d605f4f44599c93b0bbe/diff/etc/inc/services.inc

#3 Updated by Phillip Davis over 7 years ago

And also, if you have DNS Forwarder disabled, no DNS servers specified on the DHCPv4 page, and no IPv4 DHCP servers on System->General Setup, then no name server line is written to the DHCPv4 conf file (dhcpd.conf).
That has to be the expected behavior - the system has no IPv4 DNS available to it, so it can't tell IPv4 clients any DNS server IP address(es).
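The behaviour discussed in this issue (IPv6 resolvers must never reach the DHCPv4 config, and no name server line is written when no IPv4 resolver exists), as an added example that is not the pfSense patch or any pfSense code. The function names, the order in which the three DNS sources are consulted, and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example, not pfSense code: all function and variable names are hypothetical.

// Keep only syntactically valid IPv4 addresses; IPv6 and malformed entries are dropped.
function ipv4_only(array $servers): array {
    return array_values(array_filter($servers, function ($ip) {
        return is_string($ip)
            && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    }));
}

// Build the DNS line for one DHCPv4 pool, or '' when no IPv4 resolver is available.
// Assumed precedence: servers set on the pool, then the firewall's own interface
// address if the DNS forwarder is enabled, then System > General Setup servers.
// Each source is filtered before the fallback decision, so an IPv6-only entry
// in one source does not block a usable IPv4 entry in the next.
function dhcpv4_dns_line(array $poolDns, bool $forwarderOn, string $ifaceIp, array $systemDns): string {
    $dns = ipv4_only($poolDns);
    if (!$dns && $forwarderOn) {
        $dns = ipv4_only([$ifaceIp]);
    }
    if (!$dns) {
        $dns = ipv4_only($systemDns);
    }
    if (!$dns) {
        // Emit nothing rather than a line that would stop dhcpd from starting.
        return '';
    }
    return "\toption domain-name-servers " . implode(',', $dns) . ";\n";
}

// Constructed input reproducing the report: IPv6-only system DNS,
// forwarder disabled, pool DNS fields left empty. No line is produced.
var_dump(dhcpv4_dns_line([], false, '192.0.2.1', ['2001:db8::53', '2001:db8::54']));

// Constructed mixed list: only the IPv4 entry reaches the config.
echo dhcpv4_dns_line([], false, '192.0.2.1', ['2001:db8::53', '198.51.100.53']);

// Forwarder enabled: clients are pointed at the firewall's interface address.
echo dhcpv4_dns_line([], true, '192.0.2.1', ['2001:db8::53']);
```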

#4 Updated by Bryan Paradis over 7 years ago

Phillip Davis wrote:

And also, if you have DNS Forwarder disabled, no DNS servers specified on the DHCPv4 page, and no IPv4 DHCP servers on System->General Setup, then no name server line is written to the DHCPv4 conf file (dhcpd.conf).
That has to be the expected behavior - the system has no IPv4 DNS available to it, so it can't tell IPv4 clients any DNS server IP address(es).

You beat me to coding it :) Was just getting ready to work on this!

#5 Updated by Phillip Davis over 7 years ago

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

#6 Updated by Bryan Paradis over 7 years ago

Phillip Davis wrote:

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

vpn_l2tp_configure()

The process seems to load up fine even with an IPv6 DNS server in the mpd4 conf file. I looked at the mpd4 and mpd5 manuals and there is no mention of IPv6 in the IPCP layer until version 5. We are running version 4 currently at least.

So no, it doesn't error out when there is an IPv6 DNS in the general system setup, but does the IPv6 DNS entry work? I doubt it, but I am not sure and can't test further right now.

Just to note, it takes the first two servers only, I think, as it adds the router LAN and then the first DNS server, it seems.

#7 Updated by Bryan Paradis over 7 years ago

Phillip Davis wrote:

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

vpn_pppoe_configure()

Seems like the same thing based on mpd4 again. So doubt it knows what to do with it but doesn't appear to error out the process.

#8 Updated by Phillip Davis over 7 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#10 Updated by Ermal Luçi over 7 years ago

#11 Updated by Ermal Luçi over 7 years ago

#12 Updated by Chris Buechler over 7 years ago

  • Status changed from Feedback to Resolved
