DNS caching disabled for 12.10...still

Paul Graydon paul at paulgraydon.co.uk
Sun Oct 7 23:13:14 UTC 2012


If DNS caching is being disabled in dnsmasq, what value is being had 
from using dnsmasq by default with network connections?  Seems like it 
just presents another potential failure point.

On 10/07/2012 09:19 AM, Stéphane Graber wrote:
> On 10/07/2012 04:32 AM, Benjamin Kerensa wrote:
>> On Oct 7, 2012 12:28 AM, "Daniel J Blueman" <daniel at quora.org> wrote:
>>> DNS caching was previously disabled [1] when dnsmasq was introduced in
>>> 12.04 (one of the benefits), "to prevent privacy issues, and to
>>> prevent local users from spying on source ports and trivially
>>> performing a birthday attack in order to poison the cache".
>>>
>>> Since dnsmasq e.g. introduced the standard port-randomisation
>>> mitigations [2] for Birthday attacks in 2008 and related hardening,
>>> what are the other technical reasons we should still keep this
>>> disablement, despite upstream keeping DNS caching enabled? (i.e. should
>>> upstream also disable DNS caching?)
>>>
>>> Of course, the impact of disabling DNS caching is considerable.
>>>
>>> Thanks!
>>>    Daniel
>>>
>>> [1] https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/903854
>>> [2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html
>>> --
>>> Daniel J Blueman
>>>
>> Good points. It does look like hardening and addressing some of the
>> concerns has occurred. It is possible, perhaps, that enabling caching was
>> just overlooked, but either way it would be nice to see it enabled in 13.04.
> dnsmasq still doesn't support per-user caching, so it still doesn't meet
> the criteria we discussed with the security team last cycle and as such
> is kept in its current configuration.