DNS caching disabled for 12.10...still

Marc Deslauriers marc.deslauriers at canonical.com
Wed Oct 17 11:52:55 UTC 2012


On 12-10-17 04:34 AM, Daniel J Blueman wrote:
> On 17 October 2012 16:18, Benjamin Kerensa <bkerensa at ubuntu.com> wrote:
>> On Wed, Oct 17, 2012 at 12:59 AM, Jordon Bedwell <jordon at envygeeks.com>
>>> On Tue, Oct 16, 2012 at 3:27 PM, Colin Watson <cjwatson at ubuntu.com> wrote:
>>>> For example, it allows changing nameservers reliably without having to
>>>> restart applications, and allows us to dispatch DNS queries on different
>>>> links depending on the domain (consider VPNs).
>>>
>>> Could there not be an option inside of NM that enables and disables
>>> DNS caching (or even on the right click menu for example, where we can
>>> easily disable networks on our laptops.) Maybe it could even be
>>> expanded to do except so you can disable the caching per interface
>>> too.
> 
>> There could be an option but if I remember correctly we sync network-manager
>> from upstream so a change like that would likely be best made upstream.
> 
> Above all, the way to address this is to share the reasoning of why
> DNS caching was disabled with the upstream NetworkManager and dnsmasq
> authors.
> 

DNS caching was disabled for security reasons, among others, mainly
because using the same cache for all users allows one user to know where
other users have been by probing the cache, and because it is trivial to
poison the cache when you're a local user and can inspect information
available locally such as source ports. In a multi-user system, caching
needs to be done with a separate cache per user.

Marc.


-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/
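
An added illustration of the shared-cache concern raised in the message above (not part of the original post, and not NetworkManager or dnsmasq code): a toy caching stub in which the class, the function names and the sample addresses are all constructed. It compares one cache shared by all UIDs with a cache keyed per UID, and counts the extra upstream queries the per-user design costs.

```python
"""Toy model of a local caching DNS stub: shared cache vs. one cache per user."""
from typing import Callable, Dict, Hashable, Tuple


class CachingStub:
    def __init__(self, upstream: Callable[[str], str], per_user: bool,
                 ttl: float = 60.0, clock: Callable[[], float] = lambda: 0.0):
        self.upstream = upstream      # function that performs the real lookup
        self.per_user = per_user      # False: one cache for all UIDs
        self.ttl = ttl
        self.clock = clock            # injectable so the demo is deterministic
        self.cache: Dict[Hashable, Tuple[str, float]] = {}
        self.upstream_queries = 0

    def _key(self, uid: int, name: str) -> Hashable:
        name = name.lower().rstrip(".")
        # Per-user mode makes the requesting UID part of the cache key.
        return (uid, name) if self.per_user else name

    def resolve(self, uid: int, name: str) -> Tuple[str, bool]:
        """Return (address, answered_from_cache) for a lookup made by uid."""
        key, now = self._key(uid, name), self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0], True
        self.upstream_queries += 1
        addr = self.upstream(name)
        self.cache[key] = (addr, now + self.ttl)
        return addr, False


def constructed_upstream(name: str) -> str:
    # Constructed sample data: documentation-range addresses only.
    table = {"intranet.example": "192.0.2.10"}
    return table.get(name.lower().rstrip("."), "192.0.2.1")


def second_user_sees_hit(per_user: bool) -> Tuple[bool, int]:
    """UID 1000 resolves a name, then UID 1001 asks for the same name.
    Returns (was UID 1001 answered from cache?, upstream queries sent)."""
    stub = CachingStub(constructed_upstream, per_user)
    stub.resolve(1000, "intranet.example")
    _, from_cache = stub.resolve(1001, "Intranet.Example.")
    return from_cache, stub.upstream_queries


if __name__ == "__main__":
    print("shared cache  :", second_user_sees_hit(per_user=False))
    print("per-user cache:", second_user_sees_hit(per_user=True))
```

With the shared cache the second user's answer comes from an entry the first user created; with the per-user key it does not, at the price of one more upstream query.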




More information about the Ubuntu-devel-discuss mailing list