[Bug 995332] Re: Please enhance NetworkManager such that DNSSEC validation is done whenever possible
Renne
995332 at bugs.launchpad.net
Mon Aug 25 13:17:13 UTC 2014
Do NOT use DNSSEC-proxy function of Dnsmasq. The validation is done on a
resolver in the internet. Any attacker can use a Man-In-The-Middle
attack between the DNSSEC-resolver in the internet and Dnsmasq to
manipulate the DNSSEC data. Proxying the DO-/AD-bit lulls the user into
a FALSE sense of security.
DNSSEC-proxying is highly INSECURE!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/995332
Title:
Please enhance NetworkManager such that DNSSEC validation is done
whenever possible
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/995332/+subscriptions
More information about the Ubuntu-server-bugs
mailing list