![]() Currently any dhcp agent instance will work as an open resolver. For
deployments using publicly routed addresses for tenant networks, this
allows the agent being abused in dDoS attacks, see [1].
By setting the `--local-service` option dnsmasq will filter DNS queries
and reply only to queries from directly attached networks.
[1] https://bugs.launchpad.net/neutron/+bug/1501206
Conflicts:
neutron/cmd/sanity_check.py
Closes-Bug: 1501206
Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e
(cherry picked from commit
|
||
---|---|---|
.. | ||
eventlet | ||
sanity | ||
__init__.py | ||
ipset_cleanup.py | ||
keepalived_state_change.py | ||
linuxbridge_cleanup.py | ||
netns_cleanup.py | ||
ovs_cleanup.py | ||
pd_notify.py | ||
runtime_checks.py | ||
sanity_check.py |