[Bug 995332] Re: Validate DNSSEC by default
Mathieu Trudel-Lapierre
mathieu.tl at gmail.com
Fri May 11 22:24:27 UTC 2012
This wouldn't really be different that=n using libc for resolving, so I
don't think it really qualifies as a security issue.
You can still perform DNSSEC validation, which is the actual difference
from if DNSSEC proxying wasn't supported by dnsmasq. Granted, it doesn't
automatically do the validation itself, but neither do most programs (or
libc).
Should you want to have DNSSEC validation on your system for now, you
might want to install the DNSSEC Validator plugin for Firefox.
It definitely should be done, but this will depend on work upstream or
by developers. In other words, patches welcome, for fixing dnsmasq
itself.
We may look into adding support for unbound as a resolver in NM; to be
determined.
** Changed in: network-manager (Ubuntu)
Status: New => Triaged
** Changed in: network-manager (Ubuntu)
Importance: Undecided => Wishlist
** Also affects: dnsmasq (Ubuntu)
Importance: Undecided
Status: New
** Changed in: dnsmasq (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: dnsmasq (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/995332
Title:
Validate DNSSEC by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions
More information about the Ubuntu-server-bugs
mailing list