mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-04-21 05:26:40 +02:00
7b3d064a64
> --local-service > It is intended to be set as a default on installation, to allow > unconfigured installations to be useful but also safe from being used > for DNS amplification attacks.
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
--- a/dnsmasq.conf.example
|
|
+++ b/dnsmasq.conf.example
|
|
@@ -21,8 +21,8 @@
|
|
#bogus-priv
|
|
|
|
# Uncomment these to enable DNSSEC validation and caching:
|
|
-# (Requires dnsmasq to be built with DNSSEC option.)
|
|
-#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
|
|
+# (Requires dnsmasq-dnssec package to be installed)
|
|
+#conf-file=/usr/share/dnsmasq/trust-anchors.conf
|
|
#dnssec
|
|
|
|
# Replies which are not DNSSEC signed may be legitimate, because the domain
|
|
@@ -96,9 +96,13 @@
|
|
|
|
# If you want dnsmasq to change uid and gid to something other
|
|
# than the default, edit the following lines.
|
|
-#user=
|
|
-#group=
|
|
+#user=dnsmasq
|
|
+#group=dnsmasq
|
|
|
|
+# Serve DNS and DHCP only to networks directly connected to this machine.
|
|
+# Any interface= line will override it.
|
|
+local-service
|
|
+
|
|
# If you want dnsmasq to listen for DHCP and DNS requests only on
|
|
# specified interfaces (and the loopback) give the name of the
|
|
# interface (eg eth0) here.
|
|
@@ -671,7 +675,7 @@
|
|
#conf-dir=/etc/dnsmasq.d,.bak
|
|
|
|
# Include all files in a directory which end in .conf
|
|
-#conf-dir=/etc/dnsmasq.d/,*.conf
|
|
+conf-dir=/etc/dnsmasq.d/,*.conf
|
|
|
|
# If a DHCP client claims that its name is "wpad", ignore that.
|
|
# This fixes a security hole. see CERT Vulnerability VU#598349
|