DNS caching was previously disabled [1] when dnsmasq was introduced in 12.04 (one of the benefits), "to prevent privacy issues, and to prevent local users from spying on source ports and trivially performing a birthday attack in order to poison the cache".
Since dnsmasq e.g. introduced the standard port-randomisation mitigations [2] for Birthday attacks in 2008 and related hardening, what are the other technical reasons we should still keep this disablement, despite upstream keeping DNS caching enabled? (i.e. should upstream also disable DNS caching?)

Of course, the impact of disabling DNS caching is considerable.

Thanks!
  Daniel

[1] https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/903854
[2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html

--
Daniel J Blueman