DNS caching disabled for 12.10...still

Daniel J Blueman daniel at quora.org
Sun Oct 7 07:28:11 UTC 2012


DNS caching was previously disabled [1] when dnsmasq was introduced in
12.04 (one of the benefits), "to prevent privacy issues, and to
prevent local users from spying on source ports and trivially
performing a birthday attack in order to poison the cache".

Since dnsmasq, e.g., introduced the standard port-randomisation
mitigations [2] for birthday attacks in 2008 and related hardening,
what are the other technical reasons we should still keep this
disablement, despite upstream keeping DNS caching enabled? (i.e., should
upstream also disable DNS caching?)

Of course, the impact of disabling DNS caching is considerable.

Thanks!
  Daniel

[1] https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/903854
[2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html
-- 
Daniel J Blueman



