Unix/Linux Go Back    


UNIX and Linux Applications Discuss UNIX and Linux software applications. This includes SQL, Databases, Middleware, MOM, SOA, EDA, CEP, BI, BPM and similar topics.

Using avahi to publish IPV6 DNSservers - Security?

UNIX and Linux Applications


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 03-19-2016
darktux darktux is offline
Registered User
 
Join Date: Oct 2012
Last Activity: 11 December 2016, 9:53 AM EST
Location: Austria
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
[Solved] Using avahi to publish IPV6 DNSservers - Security?

Hello,

we use here internal avahi to publish IPV6 DNSservers. It was the easiest way for us to use the service with radvd. Here is the part from the avahiconf:
publish-dns-servers=IPV6adress-dns-server
This works really fine. But my problem is the security. When you have this config for example in an public locaten. Some go here and broadcast his own dnsserver.

There is some file "/etc/mdns.allow". Here can you set domainnames. But this is only "from this client". For example: "tux.at"
When this is set, only client in the avahi-domain "tux.at" are dissolvable.

But what I would like to know is, is there a place on the client where i can set the IPadress of the server that is allowed to publish his dnsservers?

Thanks for help
Best Regards

Last edited by darktux; 04-22-2016 at 05:32 PM..
Sponsored Links
    #2  
Old Unix and Linux 03-21-2016
fpmurphy's Unix or Linux Image
fpmurphy fpmurphy is offline Forum Staff  
who?
 
Join Date: Dec 2003
Last Activity: 12 June 2016, 11:03 PM EDT
Location: /dev/ph
Posts: 4,996
Thanks: 73
Thanked 475 Times in 437 Posts
As far as I know, no. Avahi was not designed with security as a priority.
Sponsored Links
    #3  
Old Unix and Linux 03-23-2016
darktux darktux is offline
Registered User
 
Join Date: Oct 2012
Last Activity: 11 December 2016, 9:53 AM EST
Location: Austria
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by fpmurphy View Post
As far as I know, no. Avahi was not designed with security as a priority.
Yes, i know. But i don't know i can publish IPV6 DNSserver without it. Is it possible to use an IPV6 DHCPserver only for DNS?

Best Regards
    #4  
Old Unix and Linux 04-22-2016
darktux darktux is offline
Registered User
 
Join Date: Oct 2012
Last Activity: 11 December 2016, 9:53 AM EST
Location: Austria
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
changed to an Layer3 Switch. HP2920. It gives all clients an IPV6 DNS over Router Advertisements. I think this is the better way.

Best Regards
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
avahi , change the log location prpkrk UNIX for Dummies Questions & Answers 1 08-02-2012 01:14 PM



All times are GMT -4. The time now is 04:59 AM.