Skip to content

dns_proxy.go: Include 192.0.0.0/24 in private addresses? #321

Description

@wildy

Hi there.

We have a macOS 25 client running (at the time) ctrld 1.5.2. When the client connected to one particular iPhone hotspot, DNS resolution stopped working.

I tracked this down to this particular cellular carrier (Freenet Germany, https://www.freenet.de/) using 464XLAT. Freenet uses 192.0.0.0/24 for the IPv4 range that is passed to macOS CLAT, and this is not a standard RFC1918 address (it's RFC5736 - IANA IPv4 Special Purpose Address Registry).

With such a setup, ctrld might see requests coming in from the local host running the CLAT, using a source address of 192.0.0.2 (for example), which ctrld would consider a WAN request, according to the address selection logic at cmd/cli/dns_proxy.go:1132.

Workaround: explicitly set DNS to 127.0.0.1 for the affected hotspot connection, or change the ctrld config (either allow_wan_clients or set up a dedicated network for 192.0.0.0/24.)

Sadly, this is not the first time I see testing IP ranges abused for such purposes (I wonder why wouldn't they use the RFC6598 Shared Address Space?)

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions