Timo van Roermund wrote: > Package: dnsmasq Version: 2.55-1 Severity: wishlist > > > Recently, there is a lot of fuzz around DNS rebinding attacks. I > think it is a good idea to add the 'stop-dns-rebind' option to the > default configuration file for Debian in order to prevent such > attacks. >
I disagree. stop-dns-rebind essentially breaks DNS for a particular set of queries. This may or may not be useful, depending on circumstances, but experience (with filter-win2k, which is similar and used to be on by default in Debian) says that if you make it the default, people for whom it's not a useful function will regard this as a bug. It's fine to break the DNS for particular queries if the user asks for that, but not by default, and especially not when this is a change in behaviour from earlier versions, Cheers, Simon. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org