Commit 652aa4de authored by Thomas Markwalder

[master] Merge branch 'trac3383'

Warning message added to D2 about listening outside loopback
parents dfde8e94 dd5010df
......@@ -254,6 +254,14 @@ This is a debug message issued when the DHCP-DDNS application encountered an
error while decoding a response to DNS Update message. Typically, this error
will be encountered when a response message is malformed.
% DHCP_DDNS_NOT_ON_LOOPBACK the DHCP-DDNS server has been configured to listen on %1 which is not the local loopback. This is an insecure configuration supported for testing purposes only
This is a warning message issued when the DHCP-DDNS server is configured to
listen at an address other than the loopback address (127.0.0.1 or ::1). It is
possible for a malicious attacker to send bogus NameChangeRequests to it and
change entries in the DNS. For this reason, addresses other than the IPv4 or
IPv6 loopback addresses should only be used for testing purposes. A future
version of Kea will implement authentication to guard against such attacks.
% DHCP_DDNS_NO_ELIGIBLE_JOBS although there are queued requests, there are pending transactions for each Queue count: %1 Transaction count: %2
This is a debug message issued when all of the queued requests represent clients
for which there is a an update already in progress. This may occur under
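Review bot: the new DHCP_DDNS_NOT_ON_LOOPBACK text tells the operator what is insecure but not what to do about it; consider adding one sentence to the description saying that `ip_address` should be set to `127.0.0.1` or `::1` unless the deployment is a test, and note that the warning is emitted once per (re)configuration rather than per received request, so an operator scanning logs later should look for it at startup. The pre-existing context line "there is a an update already in progress" also carries a doubled article that could be fixed while this file is being touched.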
......@@ -290,11 +298,9 @@ requests too quickly, or perhaps upstream DNS servers are experiencing
load issues.
% DHCP_DDNS_QUEUE_MGR_RECONFIGURING application is reconfiguring the queue manager
This is an informational message indicating that DHCP_DDNS is reconfiguring the
queue manager as part of normal startup or in response to a new configuration.
This is an informational message indicating that DHCP_DDNS is reconfiguring the queue manager as part of normal startup or in response to a new configuration.
% DHCP_DDNS_QUEUE_MGR_RECOVERING application is attempting to recover from a
queue manager IO error
% DHCP_DDNS_QUEUE_MGR_RECOVERING application is attempting to recover from a queue manager IO error
This is an informational message indicating that DHCP_DDNS is attempting to
restart the queue manager after it suffered an IO error while receiving
requests.
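Review bot: the rewrap is inconsistent within the hunk: the `%` line for DHCP_DDNS_QUEUE_MGR_RECOVERING is correctly joined onto a single line, but the description paragraph for DHCP_DDNS_QUEUE_MGR_RECONFIGURING is also collapsed into one long line while the RECOVERING description directly below it stays wrapped at roughly 80 columns. Only the `%` message line needs to be a single line; keep the description wrapped as the neighbouring entries are.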
......
......@@ -329,6 +329,13 @@ D2Process::reconfigureQueueMgr() {
std::string ip_address;
uint32_t port;
getCfgMgr()->getContext()->getParam("ip_address", ip_address);
// Warn the user if the server address is not the loopback.
/// @todo Remove this once we provide a secure mechanism.
if (ip_address != "127.0.0.1" && ip_address != "::1") {
LOG_WARN(dctl_logger, DHCP_DDNS_NOT_ON_LOOPBACK).arg(ip_address);
}
getCfgMgr()->getContext()->getParam("port", port);
isc::asiolink::IOAddress addr(ip_address);
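Review bot: the loopback check is a plain string comparison on `ip_address`, so textual variants of the same address (for example `::0001` or `0:0:0:0:0:0:0:1`) and the rest of `127.0.0.0/8` will all trigger the warning even though they are loopback. Since `isc::asiolink::IOAddress addr(ip_address);` is constructed a few lines later anyway, move the check after it and compare the parsed `addr` against `IOAddress("127.0.0.1")` / `IOAddress("::1")` (or a proper loopback predicate if one is available) rather than the raw string. Also, the `/// @todo` Doxygen-style comment inside the function body will not be picked up by Doxygen; a plain `// TODO` is the usual form here.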
......
......@@ -602,4 +602,52 @@ TEST_F(D2ProcessTest, fatalErrorShutdown) {
elapsed.total_milliseconds() <= 2100);
}
/// @brief Used to permit visual inspection of logs to ensure
/// DHCP_DDNS_NOT_ON_LOOPBACK is issued when ip_address is not
/// loopback.
TEST_F(D2ProcessTest, notLoopbackTest) {
const char* config = "{ "
"\"interface\" : \"\" , "
"\"ip_address\" : \"0.0.0.0\" , "
"\"port\" : 53001, "
"\"tsig_keys\": [],"
"\"forward_ddns\" : {},"
"\"reverse_ddns\" : {}"
"}";
// Note we don't care nor can we predict if this
// succeeds or fails. The address and port may or may
// not be valid on the test host.
runWithConfig(config);
}
/// @brief Used to permit visual inspection of logs to ensure
/// DHCP_DDNS_NOT_ON_LOOPBACK is not issued.
TEST_F(D2ProcessTest, v4LoopbackTest) {
const char* config = "{ "
"\"interface\" : \"\" , "
"\"ip_address\" : \"127.0.0.1\" , "
"\"port\" : 53001, "
"\"tsig_keys\": [],"
"\"forward_ddns\" : {},"
"\"reverse_ddns\" : {}"
"}";
ASSERT_TRUE(runWithConfig(config));
}
/// @brief Used to permit visual inspection of logs to ensure
/// DHCP_DDNS_NOT_ON_LOOPBACK is not issued.
TEST_F(D2ProcessTest, v6LoopbackTest) {
const char* config = "{ "
"\"interface\" : \"\" , "
"\"ip_address\" : \"::1\" , "
"\"port\" : 53001, "
"\"tsig_keys\": [],"
"\"forward_ddns\" : {},"
"\"reverse_ddns\" : {}"
"}";
ASSERT_TRUE(runWithConfig(config));
}
} // end of anonymous namespace
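Review bot: none of the three new tests actually assert on the behaviour they are named for; each relies on "visual inspection of logs", so a regression that silently drops or mis-emits DHCP_DDNS_NOT_ON_LOOPBACK would not fail CI. Consider capturing the logger output (or counting warnings via the test log backend) and asserting the message is present in `notLoopbackTest` and absent in the two loopback tests. Separately, all three bind to a fixed port (`"port" : 53001`) with `"interface" : ""`, so the two `ASSERT_TRUE(runWithConfig(config))` calls can fail spuriously on a host where that port is already in use; `notLoopbackTest` acknowledges this for `0.0.0.0` but the loopback cases have the same exposure.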