This wouldn't really be different that=n using libc for resolving, so I
don't think it really qualifies as a security issue.
You can still perform DNSSEC validation, which is the actual difference
from if DNSSEC proxying wasn't supported by dnsmasq. Granted, it doesn't
automatically do the validation itself, but neither do most programs (or
libc).
Should you want to have DNSSEC validation on your system for now, you
might want to install the DNSSEC Validator plugin for Firefox.
It definitely should be done, but this will depend on work upstream or
by developers. In other words, patches welcome, for fixing dnsmasq
itself.
We may look into adding support for unbound as a resolver in NM; to be
determined.
** Changed in: network-manager (Ubuntu)
Status: New => Triaged
** Changed in: network-manager (Ubuntu)
Importance: Undecided => Wishlist
** Also affects: dnsmasq (Ubuntu)
Importance: Undecided
Status: New
** Changed in: dnsmasq (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: dnsmasq (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/995332
Title:
Validate DNSSEC by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
