On Thu, Mar 03, 2011 at 05:20:37PM +0100, Tollef Fog Heen wrote:
> ]] Bastien ROUCARIES
>
> | main security problem is resolver,
> | $host -v www.local
> | www.local
> | www.local.mydomain.com
>
> So the security problem you see is that if you have a domain called
> «local» the entries in it might be spoofed due to how the resolver
> works?
>
> To the extent this is a bug, it's a bug in the resolver that it does not
> treat names with dots in them as absolute, but relative. I know this is
> how it's been done in the past, but perhaps changing that to treating
> names with as absolute would be a better solution.
echo >>resolv.conf options ndots:15
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110303225125.gh19...@decadent.org.uk
