Pro tip: "ddns-updates off" in dhcpd.conf

I noticed that the recent update had dhcpd in it. For no particular reason I decided to do a minor health check and see what it was doing. I was surprised to see that dhcpd was listening on some random high port in addition to its usual dhcp port. [root@shorty ~]# ps -ef | grep dhcp dhcpd 1352 1 0 09:41 ? 00:00:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid [root@shorty ~]# ls -al /proc/1352/fd lrwx------. 1 root root 64 Apr 23 09:43 20 -> 'socket:[24079]' /proc/net/udp showed the socket bound to port 36755 [root@shorty ~]# netstat -a | grep 36755 udp 0 0 0.0.0.0:36755 0.0.0.0:* The regular dhcp port correctly listens only on the subnet. But this thing is open to the whole wide world. Some searching around found that people noticed this ten years ago, and it's something dynamic dns-related. There was no configuration option to turn it off when people were talking about it. There was only a compile-time option. I combed through the man page. "ddns-updates off" sounded like a promising candidate, I put it into dhcpd.conf, restarted dhcpd, and I don't see dhcpd listening on some high port anymore. This doesn't really matter for Fedora, firewalld will block this. But it's awesome how this is enabled by default, and it's listening on all IP addresses, and not just the DHCP subnet.