** Changed in: dnsmasq (Ubuntu)
Status: Triaged => Invalid
** Summary changed:
- Validate DNSSEC by default
+ Please enhance NetworkManager such that DNSSEC validation is done whenever
possible
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/995332
Title:
Please enhance NetworkManager such that DNSSEC validation is done
whenever possible
Status in “dnsmasq” package in Ubuntu:
Invalid
Status in “network-manager” package in Ubuntu:
Triaged
Bug description:
Network Manager in Precise uses a local forwarding DNS server
(dnsmasq). This does not perform DNSSEC validation, although it is
configured to proxy the DNSSEC validation result from the upstream
server, for which the manpage mentions the following caveat:
"You should only do this if you trust all the configured upstream
nameservers and the network between you and them."
Since not all networks or upstream DNS servers are trustworthy, the
safest place to perform DNSSEC validation is on the client. Using a
local DNS server which cannot validate is a missed opportunity; by
replacing dnsmasq with a more-capable DNS server (e.g. Unbound)
security against DNS poisoning and MITM attacks could be improved.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
