On 2014-11-06 17:19, Thiago Macieira wrote:
> On Thursday 06 November 2014 14:37:00 Michael Johnson wrote:
>> Hi all,
>>
>> Thank you for your comments. I didn't realize that /etc/resolv.conf was not
>> being used anymore, and I don't think many people do. Geoffroy was correct
>> in that if I set the DNS IPs in that file manually, it gets overwritten
>> after a reboot with the default below. However, if connman generates the
>> resolv.conf file, shouldn't it show the nameservers after they are set,
>> especially if some applications read that file?
> Sorry, you're missing the point. Connman *is* the DNS server, so applications
> simply make DNS requests to Connman, which will reply with information it has
> or it will query the nameservers you listed for that information.
> Applications don't need to know what server was set in the system and they
> won't need to watch the file for updates.

A side note: since Connman is Tizen's recursive DNS server, it is quite
important from a security point of view. I can strongly bet that it wasn't
considered from such a perspective before.

During a quick check I found that Connman is very susceptible to DNS cache
poisoning attacks. It seems to suffer from all aspects of CERT VU#800113
(http://www.kb.cert.org/vuls/id/800113):

- Sequence numbers for DNS queries are generated simply by the random()
  function, which is trivial to predict
- All queries are sent from the same source port
- Connman suffers from the birthday attack, issuing multiple simultaneous
  queries for the same record

The above vulnerabilities enable the Tizen platform to be attacked with
spoofed DNS entries in Connman's cache, allowing man-in-the-middle attacks
for connections not secured by SSL.

I encourage further security-related activities for Connman. I will create
Jira issues for the above bugs for tracking.
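
The three weaknesses listed in the message above each have a resolver-side countermeasure: CSPRNG transaction IDs, a random source port per query, and coalescing of duplicate in-flight queries. The sketch below is an added example, not Connman code and not part of the original message; all names (`query_start`, `reply_accept`, `struct pending`) are hypothetical, and it assumes Linux `getrandom()` and that the caller binds its UDP socket to the chosen port.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <sys/random.h>

#define MAX_PENDING 64
struct pending {                 /* one outstanding upstream query */
    int used;
    uint16_t id, sport, qtype;   /* transaction ID, source port, record type */
    char qname[256];
};
static struct pending table[MAX_PENDING];

static uint16_t rand16(void) {   /* OS CSPRNG instead of random() */
    uint16_t v;
    while (getrandom(&v, sizeof v, 0) != (ssize_t)sizeof v) { }
    return v;
}

/* Start a query, or join the one already in flight for the same name/type
 * so only one ID/port pair is ever guessable per record (birthday defence).
 * Returns the slot, or -1 if the table is full or the name is too long. */
int query_start(const char *qname, uint16_t qtype, int *is_new) {
    int free_slot = -1;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (!table[i].used) { if (free_slot < 0) free_slot = i; continue; }
        if (table[i].qtype == qtype && !strcasecmp(table[i].qname, qname)) {
            *is_new = 0;
            return i;
        }
    }
    if (free_slot < 0 || strlen(qname) >= sizeof table[0].qname) return -1;
    struct pending *p = &table[free_slot];
    p->used = 1;
    p->id = rand16();
    do { p->sport = rand16(); } while (p->sport < 1024); /* uniform, unprivileged */
    p->qtype = qtype;
    strcpy(p->qname, qname);
    *is_new = 1;
    return free_slot;
}

/* Accept a reply only if ID, arrival port and question all match a pending
 * query; the entry is consumed so a later spoofed duplicate is dropped. */
int reply_accept(uint16_t id, uint16_t dport, const char *qname, uint16_t qtype) {
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *p = &table[i];
        if (p->used && p->id == id && p->sport == dport && p->qtype == qtype
            && !strcasecmp(p->qname, qname)) { p->used = 0; return 1; }
    }
    return 0;
}
```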
