[Bug 995332] Re: Please enhance NetworkManager such that DNSSEC validation is done whenever possible
Do NOT use DNSSEC-proxy function of Dnsmasq. The validation is done on a resolver in the internet. Any attacker can use a Man-In-The-Middle attack between the DNSSEC-resolver in the internet and Dnsmasq to manipulate the DNSSEC data. Proxying the DO-/AD-bit lulls the user into a FALSE sense of security. DNSSEC-proxying is highly INSECURE! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/995332 Title: Please enhance NetworkManager such that DNSSEC validation is done whenever possible To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 995332] Re: Please enhance NetworkManager such that DNSSEC validation is done whenever possible
Dnsmasq supports validating DNSSEC since version 2.69, Bugs have been fixed since version 2.71. Please update Ubuntu packages to 2.71 and compile with DNSSEC support (see http://www.thekelleys.org.uk/dnsmasq/CHANGELOG)! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/995332 Title: Please enhance NetworkManager such that DNSSEC validation is done whenever possible To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs