duo_unix icon indicating copy to clipboard operation
duo_unix copied to clipboard

Published 20 hours ago verified publisher icon duosecurity

8.8.8.8 DNS Server is hardcoded

Open AaronAtDuo opened this issue 1 year ago • 1 comments

Description

In https://github.com/duosecurity/duo_unix/blob/master/lib/util.c#L272 we have the Google DNS server hard-coded sin.sin_addr.s_addr = inet_addr("8.8.8.8"); /* XXX Google's DNS Server */ Which could be a problem if that's blocked for whatever reason.

As far as I can tell, we aren't actually using/needing DNS here anyway, we just need an IP to create a socket so we can determine the local machine's IP.

Expected Behavior

See if we can avoid needing an external IP at all; if not, maybe make a config option?

Actual Behavior

Access to 8.8.8.8 is necessary for Duo Unix to function.

Steps to Reproduce

N/A

Workarounds

N/A

AaronAtDuo avatar Aug 21 '23 14:08 AaronAtDuo

Customer here - there are many networks where we block external DNS resolvers. We absolutely detest coming across software that uses such resolvers with no way to change the behavior of.

Just in case you needed some customer sentiment to move this along.

kfiresmith avatar Jul 30 '24 17:07 kfiresmith