On Oct 7, 2012 12:28 AM, "Daniel J Blueman" <dan...@quora.org> wrote: > > DNS caching was previously disabled [1] when dnsmasq was introduced in > 12.04 (one of the benefits), "to prevent privacy issues, and to > prevent local users from spying on source ports and trivially > performing a birthday attack in order to poison the cache". > > Since dnsmasq eg introduced the standard port-randomisation > mitigations [2] for Birthday attacks in 2008 and related hardening, > what are the other technical reasons we should still keep this > disablement, despite upstream keeping DNS caching enabled? (ie should > upstream also disable DNS caching?) > > Of course, the impact of disabling DNS caching is considerable. > > Thanks! > Daniel > > [1] https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/903854 > [2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html > -- > Daniel J Blueman >
Good points it does look like hardening and addressing some of the concerns has occurred it is possible perhaps that enabling caching was just overlooked but either way it would be nice to see it enabled in 13.04.
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
