From e2894cdbac901f229021dbe39050d7e874a34c86 Mon Sep 17 00:00:00 2001
From: Jason Rhinelander
Date: Thu, 12 Aug 2021 20:05:13 -0300
Subject: [PATCH] Change default dns listen port to 953 (instead of 1053)

Tom pointed out that it's slightly better to be a privileged port so that someone can't hijack it on a restart.
---
 SOURCES/default-dns.patch | 4 ++--
 SPECS/lokinet.spec | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/SOURCES/default-dns.patch b/SOURCES/default-dns.patch
index 66beac950..b646e8a54 100644
--- a/SOURCES/default-dns.patch
+++ b/SOURCES/default-dns.patch
@@ -9,8 +9,8 @@ index 78d152602..8b07b0cec 100644
 - constexpr Default DefaultDNSBind{"127.3.2.1:53"};
 + // Fedora's systemd-resolved seems unable to connect to 127.3.2.1 for unknown reasons,
 + // however since systemd-resolved is perfectly happy with a different port so listen on
-+ // localhost:1053 as a workaround.
-+ constexpr Default DefaultDNSBind{"127.0.0.1:1053"};
++ // localhost:953 as a workaround.
++ constexpr Default DefaultDNSBind{"127.0.0.1:953"};
 #else
 constexpr Default DefaultDNSBind{"127.0.0.1:53"};
 #endif
diff --git a/SPECS/lokinet.spec b/SPECS/lokinet.spec
index f9b787dc3..7f29c50e6 100644
--- a/SPECS/lokinet.spec
+++ b/SPECS/lokinet.spec
@@ -1,6 +1,6 @@
 Name: lokinet
 Version: 0.9.5
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: Lokinet anonymous, decentralized overlay network
 License: GPLv3+
@@ -161,6 +161,9 @@ fi
 %systemd_postun lokinet.service
 %changelog
+* Thu Aug 12 2021 Jason Rhinelander - 0.9.5-6
+- Change default dns port from 1053 to 953 so that it is still privileged.
+
 * Wed Aug 11 2021 Jason Rhinelander - 0.9.5-5
 - Apply default upstream dns patch from PR #1715
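Review bot: The comment above the new `DefaultDNSBind{"127.0.0.1:953"}` line in SOURCES/default-dns.patch still describes the port only as a systemd-resolved workaround, so the reason it must stay below 1024 is recorded in the commit message alone and a later edit could move it back to an unprivileged port. I would add `// Keep this port < 1024: an unprivileged local process could otherwise bind it while lokinet restarts and answer DNS queries.` next to the constant. Binding 953 also requires the service to hold CAP_NET_BIND_SERVICE or run as root, which is not visible in this patch and should be confirmed against the unit file. Port 953 is also the default rndc control port of BIND, so a host running named on loopback may conflict if lokinet ever listens on TCP at that address. The `#if` block this constant sits in starts outside the hunk.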