On Tue, May 31, 2016 at 11:33:43PM +0200, Martin Pitt wrote:
> Martin Pitt [2016-05-31 22:45 +0200]:
> > Can you please give a sketch how to look up the source port that the
> > resolver uses? That'd be a good piece of information for the upstream
> > bug report too, as it's not at all obvious.
>
Martin Pitt [2016-05-31 22:45 +0200]:
> Can you please give a sketch how to look up the source port that the
> resolver uses? That'd be a good piece of information for the upstream
> bug report too, as it's not at all obvious.
Look up, and also how to forge it -- as creating a RAW_SOCKET requires
On Tue, May 31, 2016 at 10:45:24PM +0200, Martin Pitt wrote:
> Hello Marc,
>
> Stéphane, Marc, thanks for these!
>
> Marc Deslauriers [2016-05-31 16:08 -0400]:
> > > I seem to remember it being a timing attack. If you can control when the
> > > initial DNS query happens, which as an unprivileged
On Tue, May 31, 2016 at 09:38:51PM +0200, Martin Pitt wrote:
> > In the past, resolved would use a single shared cache for the whole
> > system, which would allow for local cache poisoning by unprivileged
> > users on the system. That's the reason why the dnsmasq instance we spawn
> >
Hello Marc,
Stéphane, Marc, thanks for these!
Marc Deslauriers [2016-05-31 16:08 -0400]:
> > I seem to remember it being a timing attack. If you can control when the
> > initial DNS query happens, which as an unprivileged user you can by just
> > doing a local DNS query and you know what upstream
On 2016-05-31 03:52 PM, Stéphane Graber wrote:
> On Tue, May 31, 2016 at 09:38:51PM +0200, Martin Pitt wrote:
>> Hello Stéphane,
>>
>> Stéphane Graber [2016-05-31 11:23 -0400]:
>>> So in the past there were two main problems with using resolved, I'd
>>> like to confirm both of them have now been ta
On Tue, May 31, 2016 at 09:50:03PM +0200, Martin Pitt wrote:
> Hello Stéphane,
>
> Stéphane Graber [2016-05-31 11:31 -0400]:
> > One more thing on that point which was just brought up in:
> > https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967
> >
> > In the past, with dnsmasq on deskt
On Tue, May 31, 2016 at 09:38:51PM +0200, Martin Pitt wrote:
> Hello Stéphane,
>
> Stéphane Graber [2016-05-31 11:23 -0400]:
> > So in the past there were two main problems with using resolved, I'd
> > like to confirm both of them have now been taken care of:
> >
> > 1) Does resolved now support
Hello Stéphane,
Stéphane Graber [2016-05-31 11:31 -0400]:
> One more thing on that point which was just brought up in:
> https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967
>
> In the past, with dnsmasq on desktop we could ship a .d file which would
> instruct the system dnsmasq to for
Hello Stéphane,
Stéphane Graber [2016-05-31 11:23 -0400]:
> So in the past there were two main problems with using resolved, I'd
> like to confirm both of them have now been taken care of:
>
> 1) Does resolved now support split DNS support?
> That is, can Network Manager instruct it that onl
On Tue, May 31, 2016 at 11:23:01AM -0400, Stéphane Graber wrote:
> On Tue, May 31, 2016 at 11:34:41AM +0200, Martin Pitt wrote:
> > Hello all,
> >
> > yesterday I landed [1] in Yakkety which changes how DNS resolution
> > works -- i. e. how names like "www.ubuntu.com" get translated to an IP
> > a
On Tue, May 31, 2016 at 11:34:41AM +0200, Martin Pitt wrote:
> Hello all,
>
> yesterday I landed [1] in Yakkety which changes how DNS resolution
> works -- i. e. how names like "www.ubuntu.com" get translated to an IP
> address like 1.2.3.4.
>
> Until now, we used two different approaches for thi
Hey Dave,
Dave Morley [2016-05-31 11:02 +0100]:
> How will this work on the phone if it is only enabled in yakkety?
I'm not intending/planning on changing the behaviour on stable
releases, of course. This is only ≥ 16.10. So as long as touch
products are built from 16.04 (or even 15.04), it won't
Hello Martin,
Martin Wimpress [2016-05-31 10:51 +0100]:
> Is libnss-resolve automatically seeded via a Depends or does it require
> manual seeding?
It is now seeded (Recommends of ubuntu-standard) and also a recommends
of network-manager to ensure this also gets in on upgrades if someone
removed
On 25/05/2016, Michael Hudson-Doyle wrote:
>
> I've attempted to document the new world at
> https://docs.google.com/document/d/1IOlBWWgcDeB9PfRORENESYj8iJt4W2EwsbYcpg4akBE/edit#
Thank you for the clear write-up.
Is the thought that for instance all the -dev packages juju currently
depends on sh
Hi,
On my phone and travelling so can't trivially find out the answer to the
following question right now.
Is libnss-resolve automatically seeded via a Depends or does it require
manual seeding?
Regards, Martin.
On 31 May 2016 11:36, "Martin Pitt" wrote:
> Hello all,
>
> yesterday I landed [1]
On Tue, 31 May 2016 11:34:41 +0200
Martin Pitt wrote:
> Hello all,
>
> yesterday I landed [1] in Yakkety which changes how DNS resolution
> works -- i. e. how names like "www.ubuntu.com" get translated to an IP
> address like 1.2.3.4.
>
> Until now, we used two different approaches for this:
>
On 31 May 2016 at 12:48, Martin Packman wrote:
> On 25/05/2016, Michael Hudson-Doyle wrote:
>>
>> I've attempted to document the new world at
>> https://docs.google.com/document/d/1IOlBWWgcDeB9PfRORENESYj8iJt4W2EwsbYcpg4akBE/edit#
>
> Thank you for the clear write-up.
I'm glad it came across cle
Hello all,
yesterday I landed [1] in Yakkety which changes how DNS resolution
works -- i. e. how names like "www.ubuntu.com" get translated to an IP
address like 1.2.3.4.
Until now, we used two different approaches for this:
* On desktops and touch, NetworkManager launched "dnsmasq" configured
19 matches
Mail list logo