** Changed in: dnsmasq (Ubuntu) Status: Triaged => Invalid ** Summary changed:
- Validate DNSSEC by default + Please enhance NetworkManager such that DNSSEC validation is done whenever possible -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/995332 Title: Please enhance NetworkManager such that DNSSEC validation is done whenever possible Status in “dnsmasq” package in Ubuntu: Invalid Status in “network-manager” package in Ubuntu: Triaged Bug description: Network Manager in Precise uses a local forwarding DNS server (dnsmasq). This does not perform DNSSEC validation, although it is configured to proxy the DNSSEC validation result from the upstream server, for which the manpage mentions the following caveat: "You should only do this if you trust all the configured upstream nameservers and the network between you and them." Since not all networks or upstream DNS servers are trustworthy, the safest place to perform DNSSEC validation is on the client. Using a local DNS server which cannot validate is a missed opportunity; by replacing dnsmasq with a more-capable DNS server (e.g. Unbound) security against DNS poisoning and MITM attacks could be improved. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp