DNS caching disabled for 12.10...still

2012-10-07 Thread Daniel J Blueman
DNS caching was previously disabled [1] when dnsmasq was introduced in 12.04 (one of the benefits), "to prevent privacy issues, and to prevent local users from spying on source ports and trivially performing a birthday attack in order to poison the cache". Since dnsmasq eg introduced the standard

Re: DNS caching disabled for 12.10...still

2012-10-07 Thread Benjamin Kerensa
On Oct 7, 2012 12:28 AM, "Daniel J Blueman" wrote: > > DNS caching was previously disabled [1] when dnsmasq was introduced in > 12.04 (one of the benefits), "to prevent privacy issues, and to > prevent local users from spying on source ports and trivially > performing a birthday attack in order to

Re: DNS caching disabled for 12.10...still

2012-10-07 Thread Stéphane Graber
On 10/07/2012 04:32 AM, Benjamin Kerensa wrote: > > On Oct 7, 2012 12:28 AM, "Daniel J Blueman" > wrote: >> >> DNS caching was previously disabled [1] when dnsmasq was introduced in >> 12.04 (one of the benefits), "to prevent privacy issues, and to >> prevent local users

Re: DNS caching disabled for 12.10...still

2012-10-07 Thread Paul Graydon
If DNS caching is being disabled in dnsmasq, what value is being had from using dnsmasq by default with network connections? Seems like it just presents another potential failure point. On 10/07/2012 09:19 AM, Stéphane Graber wrote: On 10/07/2012 04:32 AM, Benjamin Kerensa wrote: On Oct 7, 2

Re: DNS caching disabled for 12.10...still

2012-10-07 Thread Mathieu Trudel-Lapierre
On Sun, Oct 7, 2012 at 3:19 PM, Stéphane Graber wrote: > On 10/07/2012 04:32 AM, Benjamin Kerensa wrote: >> >> On Oct 7, 2012 12:28 AM, "Daniel J Blueman" > > wrote: >>> >>> DNS caching was previously disabled [1] when dnsmasq was introduced in >>> 12.04 (one of the benefi

Re: DNS caching disabled for 12.10...still

2012-10-07 Thread Daniel J Blueman
On 8 October 2012 08:27, Mathieu Trudel-Lapierre wrote: > On Sun, Oct 7, 2012 at 3:19 PM, Stéphane Graber wrote: >> On 10/07/2012 04:32 AM, Benjamin Kerensa wrote: >>> On Oct 7, 2012 12:28 AM, "Daniel J Blueman" >> > wrote: DNS caching was previously disabled [1

Re: DNS caching disabled for 12.10...still

2012-10-07 Thread Daniel J Blueman
On 8 October 2012 03:19, Stéphane Graber wrote: > On 10/07/2012 04:32 AM, Benjamin Kerensa wrote: >> On Oct 7, 2012 12:28 AM, "Daniel J Blueman" > > wrote: >>> >>> DNS caching was previously disabled [1] when dnsmasq was introduced in >>> 12.04 (one of the benefits), "to p

Re: DNS caching disabled for 12.10...still

2012-10-07 Thread Jordon Bedwell
On Sun, Oct 7, 2012 at 10:47 PM, Daniel J Blueman wrote: > Can you elaborate the specific reasons/mechanisms why without per-user > caching, dnsmasq is still a security weakness? At least these views > should be shared upstream so we can work on resolving the issues. It's a subjective security is