Posted to issues@cloudstack.apache.org by "Wido den Hollander (JIRA)" <ji...@apache.org> on 2014/07/07 07:41:34 UTC

[jira] [Commented] (CLOUDSTACK-5494) the dns resolver servers on the VRs are open to the world

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14053365#comment-14053365 ] 

Wido den Hollander commented on CLOUDSTACK-5494:
------------------------------------------------

I'm using the fix Nux shows above, but we have to fix this in the VR.

In case of multiple subnets these will always be tied to "eth0", so can't we simply get the subnet from the routing table and only allow those?

Would be a simple fix.

> the dns resolver servers on the VRs are open to the world
> ---------------------------------------------------------
>
>                 Key: CLOUDSTACK-5494
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5494
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.2.0, 4.3.0
>            Reporter: Wei Zhou
>            Assignee: Jayapal Reddy
>            Priority: Critical
>              Labels: security
>             Fix For: Future
>
>
> Currently port 53 (TCP and UDP) on virtual routers is open, so everyone on the internet can visit the DNS service on virtual routers. This may cause overload and security issues.
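
A sketch of the approach proposed in the comment above, as an added example (not CloudStack's code and not the fix referenced in the thread): read the directly connected subnets on "eth0" from the routing table and print iptables rules that admit port 53 only from them. The sample routes, the function names and the use of the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example: derive port-53 allow rules from the connected routes of one
# interface. Rules are printed for review, never applied by this script.

# Constructed sample of `ip -4 route show` output (not taken from a real VR).
SAMPLE_ROUTES='default via 203.0.113.1 dev eth2
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.1
10.1.2.0/24 dev eth0 proto kernel scope link src 10.1.2.1
169.254.0.0/16 dev eth1 proto kernel scope link src 169.254.0.5
203.0.113.0/24 dev eth2 proto kernel scope link src 203.0.113.10'

# connected_subnets IFACE: read route lines on stdin, print one CIDR per line
# for directly connected ("scope link") networks on IFACE.
connected_subnets() {
    awk -v ifc="$1" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            dev = ""; link = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "scope" && $(i + 1) == "link") link = 1
            }
            if (dev == ifc && link) print $1
        }' | sort -u
}

# dns_rules IFACE: print iptables commands that accept DNS only from the
# subnets found on IFACE and drop it from everywhere else. Returns 1 and
# prints nothing when no subnet is found, so a parse failure cannot turn
# into a drop-everything rule set that cuts guests off from DNS.
dns_rules() {
    nets=$(connected_subnets "$1")
    [ -n "$nets" ] || return 1
    for proto in udp tcp; do
        for net in $nets; do
            echo "iptables -A INPUT -i $1 -s $net -p $proto --dport 53 -j ACCEPT"
        done
        # Assumed placement: appended after the ACCEPT rules in the INPUT chain.
        echo "iptables -A INPUT -p $proto --dport 53 -j DROP"
    done
}

printf '%s\n' "$SAMPLE_ROUTES" | dns_rules eth0
```

On a live router the input would come from `ip -4 route show`, and the printed rules would need to be ordered ahead of any existing rule that accepts port 53.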


