On 04/18/2015 02:25 PM, Björn Persson wrote:
> Philip Prindeville wrote:
>> I recently opened a bug with glibc because persistent programs (like
>> Thunderbird, etc.) don't seem to handle roaming onto different
>> networks very well.
>>
>> Or rather, they rely on libresolv which opens /etc/resolv.conf at
>> startup and then ignores changes to the file for the rest of the time
>> the process it is linked to is running.
>>
>> This might have been fine for desktop tower computers in the 1980's
>> (though even then we had PPP and dynamic network settings), but we're
>> in the era of pervasive laptops with internet connections and your
>> settings are going to be volatile.  Period.
> On the other hand those laptops are moving around in a rather hostile
> environment, so they really ought to start doing DNSSEC validation
> locally as soon as possible, preferably several years ago. That means
> that libresolv will only ever query the resolver daemon on the local
> host, and has no need to check for updates to resolv.conf.
>
> Some installations may be able to rely on a trusted DNS server doing
> the validation for them, but then their resolv.conf is static, so again
> there is no need to check for updates.
>
> Björn Persson
>

If you're getting bad resolver addresses from your DHCP server, aren't you also 
potentially getting a bad default gateway and hence setting yourself up for a 
man-in-the-middle attack?

-Philip

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct