Do not bind DNS resolver to special loopback addrs

Make sure we don't use 127.255.255.255/8 for the local DNS resolver,
as that is a broadcast address.

1 files changed, 10 insertions, 5 deletions

diff --git a/talpid-core/src/resolver.rs b/talpid-core/src/resolver.rs
index 0f7bbb3b2f..2fb61fb35d 100644
--- a/talpid-core/src/resolver.rs
+++ b/talpid-core/src/resolver.rs
@@ -40,7 +40,7 @@ use hickory_server::{
     },
     server::{Request, RequestHandler, ResponseHandler, ResponseInfo},
 };
-use rand::random;
+use rand::random_range;
 use socket2::{Domain, Protocol, Socket, Type};
 use std::sync::LazyLock;
 use talpid_types::drop_guard::{OnDrop, on_drop};
@@ -379,9 +379,9 @@ impl LocalResolver {
     /// Create a new [net::UdpSocket] bound to port 53 on loopback.
     ///
     /// This socket will try to bind to the following IPs in sequential order:
-    /// - random ip in the range 127.1-255.0-255.0-255 : 53
-    /// - random ip in the range 127.1-255.0-255.0-255 : 53
-    /// - random ip in the range 127.1-255.0-255.0-255 : 53
+    /// - random ip in the range 127.1-255.0-255.1-254 : 53
+    /// - random ip in the range 127.1-255.0-255.1-254 : 53
+    /// - random ip in the range 127.1-255.0-255.1-254 : 53
     /// - 127.0.0.1 : 53
     ///
     /// We do this to try and avoid collisions with other DNS servers running on the same system.
@@ -397,7 +397,12 @@ impl LocalResolver {
         use std::net::Ipv4Addr;
 
         let random_loopback = || async move {
-            let addr = Ipv4Addr::new(127, 1u8.max(random()), random(), random());
+            let addr = Ipv4Addr::new(
+                127,
+                random_range(1..=255),
+                random_range(0..=255),
+                random_range(1..=254),
+            );
 
             // TODO: this command requires root privileges and will thus not work in `cargo test`.
             // This means that the tests will fall back to 127.0.0.1, and will not assert that the