may accept requests via interfaces other than tailscale0 #216

@klutchell

Since enabling Tailscale, we are seeing a couple of new dnsmasq warnings.

LOUD WARNING: listening on 100.111.226.23 may accept requests via interfaces other than tailscale0

LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)

Upon doing some research, bind-dynamic will only bind to one interface, which is not what we want in this case.

"bind-dynamic" enables dnsmasq to bind to a specific network interface when it starts up. By default, dnsmasq binds to all available network interfaces, but with the "bind-dynamic" option, it can bind to a specific interface dynamically based on the network conditions at startup.

"bind-interfaces" tells dnsmasq to bind only to the interfaces that are configured with IP addresses. If this option is not set, dnsmasq will bind to all available interfaces, including loopback and virtual interfaces.

Here's how dnsmasq decides which interface to bind to when "bind-dynamic" is enabled:

  1. If there is only one available interface with an assigned IP address, dnsmasq will bind to that interface.
  2. If there are multiple interfaces with assigned IP addresses, dnsmasq will select the interface with the highest priority according to the routing table.
  3. If multiple interfaces have the same priority, dnsmasq will select the interface with the lowest index number as listed in the output of the "ip addr show" command.

So for now I think it's safe to ignore those warnings and just refer back to this issue.
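A triage sketch for the warning quoted in this issue, added here as an example and not part of the original post or the project's code: it pulls the address and interface out of each warning, collapses repeats, and marks whether the address sits in 100.64.0.0/10, the range Tailscale assigns node addresses from. The syslog prefix, the `eth0` and `eth1` lines and the function names are constructed for the example.

```python
import ipaddress
import re

# Shared address space (RFC 6598) that Tailscale assigns node addresses from.
TAILSCALE_CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Warning text as quoted in the issue; address and interface are captured.
WARNING_RE = re.compile(
    r"LOUD WARNING: listening on (?P<addr>\S+) may accept requests "
    r"via interfaces other than (?P<iface>\S+)"
)

# Constructed sample log: only the tailscale0 warning text comes from the issue.
SAMPLE_LOG = """\
Jan 01 00:00:01 host dnsmasq[101]: LOUD WARNING: listening on 100.111.226.23 may accept requests via interfaces other than tailscale0
Jan 01 00:00:01 host dnsmasq[101]: LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)
Jan 01 00:00:09 host dnsmasq[101]: LOUD WARNING: listening on 192.0.2.10 may accept requests via interfaces other than eth0
Jan 01 00:00:09 host dnsmasq[101]: LOUD WARNING: listening on 100.111.226.23 may accept requests via interfaces other than tailscale0
Jan 01 00:00:09 host dnsmasq[101]: LOUD WARNING: listening on not-an-address may accept requests via interfaces other than eth1
"""


def triage(log_text):
    """Return one finding per distinct (address, interface) warning, in log order."""
    findings = {}
    for line in log_text.splitlines():
        m = WARNING_RE.search(line)
        if not m:
            continue  # includes the generic --bind-dynamic hint line
        key = (m["addr"], m["iface"])
        try:
            in_ts = ipaddress.ip_address(m["addr"]) in TAILSCALE_CGNAT
            scope = "tailscale-cgnat" if in_ts else "other"
        except ValueError:
            scope = "unparsed"  # keep malformed entries visible, do not drop them
        entry = findings.setdefault(
            key, {"addr": key[0], "iface": key[1], "scope": scope, "count": 0}
        )
        entry["count"] += 1
    return list(findings.values())


def needs_review(findings):
    """Findings whose address is outside the Tailscale range or did not parse."""
    return [f for f in findings if f["scope"] != "tailscale-cgnat"]


if __name__ == "__main__":
    print(needs_review(triage(SAMPLE_LOG)))
```

The split is a sorting aid only: it separates the warning this issue is about from the same warning appearing for an address on some other interface.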
