cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jayapal Reddy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-5494) the dns resolver servers on the VRs are open to the world
Date Wed, 18 Dec 2013 07:16:08 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13851461#comment-13851461
] 

Jayapal Reddy commented on CLOUDSTACK-5494:
-------------------------------------------

In case of isolated networks  port 53 (tcp,udp) is accepted on guest interface.
On shared network we have only one public interface on the router. So dns queries on this
interface should be accepted 
only on  the CS public ip range.

> the dns resolver servers on the VRs are open to the world
> ---------------------------------------------------------
>
>                 Key: CLOUDSTACK-5494
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5494
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.2.0, 4.3.0
>            Reporter: Wei Zhou
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.3.0
>
>
> Currently the port 53 (tcp and udp) on virtual routers are open, so everyone on the internet
can visit the dns service on virtual routers. This may cause overload and security issue.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Mime
View raw message