Re: DNS caching disabled for 12.10...still

2012-10-08 Thread Mathieu Trudel-Lapierre
On Sun, Oct 7, 2012 at 11:35 PM, Daniel J Blueman dan...@quora.org wrote:
[...]
> Good tip on the workaround, Mathieu. Looks like this doesn't work in
> Ubuntu 12.10 pre-release here:
>
> # echo cache-size=400 > /etc/NetworkManager/dnsmasq.d/cache
> reboot
> $ ps -ef | grep dnsmasq
> nobody    2057  1128  0 11:29 ?        00:00:00 /usr/sbin/dnsmasq
> --no-resolv --keep-in-foreground --no-hosts --bind-interfaces
> --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid
> --listen-address=127.0.1.1 --conf-file=/var/run/nm-dns-dnsmasq.conf
> --cache-size=0 --proxy-dnssec
> --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
> --conf-dir=/etc/NetworkManager/dnsmasq.d


You can't see it on the command-line. Things are evaluated in order;
command-line parameters first, up to the --conf-dir parameter, and
then the files in that directory will be looked at and configuration
taken into account. However, it won't change the actual command-line
for the application, since it's indeed how it was started.

To see the result, you'll want to kill dnsmasq with the SIGUSR1 signal
-- this will force it to write out statistics to syslog. This is also
the way to list the nameservers used by dnsmasq.

Regards,

Mathieu Trudel-Lapierre mathieu...@ubuntu.com
Freenode: cyphermox, Jabber: mathieu...@gmail.com
4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
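
The check described in the message above, written out as an added example (not part of the original thread): after SIGUSR1, read the effective cache size and the upstream nameservers from the statistics dnsmasq writes to syslog. The log-line formats matched here and the /var/log/syslog path are assumptions; the sample lines are constructed, and the pid-file path is the one from the ps output above.

```shell
#!/bin/sh
# Print the most recent "cache size N" value found in syslog text on stdin.
# Assumed line format: "... dnsmasq[PID]: cache size N, ..."
effective_cache_size() {
    sed -n 's/.*dnsmasq\[[0-9]*\]: cache size \([0-9][0-9]*\),.*/\1/p' | tail -n 1
}

# Print each upstream nameserver named in the dump, once.
# Assumed line format: "... dnsmasq[PID]: server ADDR#PORT: queries sent ..."
upstream_servers() {
    sed -n 's/.*dnsmasq\[[0-9]*\]: server \([^#]*\)#[0-9]*: queries sent.*/\1/p' | sort -u
}

# Constructed sample: one dump taken with --cache-size=0 in effect, and one
# taken after the conf-dir file set cache-size=400 and dnsmasq was restarted.
sample_syslog() {
cat <<'EOF'
Oct  8 11:29:40 host dnsmasq[2057]: cache size 0, 0/0 cache insertions re-used unexpired cache entries.
Oct  8 11:29:40 host dnsmasq[2057]: queries forwarded 9, queries answered locally 0
Oct  8 11:29:40 host dnsmasq[2057]: server 192.0.2.53#53: queries sent 9, retried or failed 0
Oct  8 11:41:02 host dnsmasq[2210]: cache size 400, 0/12 cache insertions re-used unexpired cache entries.
Oct  8 11:41:02 host dnsmasq[2210]: queries forwarded 12, queries answered locally 7
Oct  8 11:41:02 host dnsmasq[2210]: server 192.0.2.53#53: queries sent 8, retried or failed 0
Oct  8 11:41:02 host dnsmasq[2210]: server 192.0.2.1#53: queries sent 4, retried or failed 0
EOF
}

# Live use (run as root): signal the NetworkManager-spawned dnsmasq and show
# only the lines written by that pid.
dump_live_stats() {
    pid=$(cat /var/run/sendsigs.omit.d/network-manager.dnsmasq.pid) || return 1
    kill -USR1 "$pid" || return 1
    sleep 1
    grep "dnsmasq\[$pid\]" /var/log/syslog
}

# Demonstration on the constructed sample.
echo "effective cache size: $(sample_syslog | effective_cache_size)"
echo "upstream servers: $(sample_syslog | upstream_servers | tr '\n' ' ')"
```

On a live system, `dump_live_stats | effective_cache_size` reports the value actually in effect, which the process command line cannot show.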


Re: DNS caching disabled for 12.10...still

2012-10-08 Thread Daniel J Blueman
On 8 October 2012 21:10, Mathieu Trudel-Lapierre mathieu...@ubuntu.com wrote:
> On Sun, Oct 7, 2012 at 11:35 PM, Daniel J Blueman dan...@quora.org wrote:
> [...]
>> Good tip on the workaround, Mathieu. Looks like this doesn't work in
>> Ubuntu 12.10 pre-release here:
>>
>> # echo cache-size=400 > /etc/NetworkManager/dnsmasq.d/cache
>> reboot
>> $ ps -ef | grep dnsmasq
>> nobody    2057  1128  0 11:29 ?        00:00:00 /usr/sbin/dnsmasq
>> --no-resolv --keep-in-foreground --no-hosts --bind-interfaces
>> --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid
>> --listen-address=127.0.1.1 --conf-file=/var/run/nm-dns-dnsmasq.conf
>> --cache-size=0 --proxy-dnssec
>> --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
>> --conf-dir=/etc/NetworkManager/dnsmasq.d
>
> You can't see it on the command-line. Things are evaluated in order;
> command-line parameters first, up to the --conf-dir parameter, and
> then the files in that directory will be looked at and configuration
> taken into account. However, it won't change the actual command-line
> for the application, since it's indeed how it was started.
>
> To see the result, you'll want to kill dnsmasq with the SIGUSR1 signal
> -- this will force it to write out statistics to syslog. This is also
> the way to list the nameservers used by dnsmasq.

Great; adding this file back in, caching is working as expected.

Thanks,
  Daniel
-- 
Daniel J Blueman



Re: DNS caching disabled for 12.10...still

2012-10-08 Thread Daniel J Blueman
On 8 October 2012 13:24, Jordon Bedwell jor...@envygeeks.com wrote:
> On Sun, Oct 7, 2012 at 10:47 PM, Daniel J Blueman dan...@quora.org wrote:
>> Can you elaborate the specific reasons/mechanisms why without per-user
>> caching, dnsmasq is still a security weakness? At least these views
>> should be shared upstream so we can work on resolving the issues.
>
> It's a subjective security issue IMO.  Pretty flawed in some cases, in
> others it sounds like the guy who only pokes the bear while it's in
> the cage and if the cage is nowhere to be found then it's game over,
> won't even go near it.  What I am saying is for the average user it's
> a case of why are you letting them on your PC at all if you do not
> have a single ounce of trust and absolutely need per-user caching
> because you fear they will attempt to poison you.  For other
> environments it's another situation but those environments are the
> rule apparently and not the exception... even though they are the
> minority IMO.

Subjective or not, there was a list of reasons which added up to
"let's disable it"; I really think we should get this list
(particularly since upstream and other distros allow the caching) and
reevaluate. It's too late for the release, sure.

Anyone?

Daniel
-- 
Daniel J Blueman
