On 26/08/15 19:21, Carlos Carvalho wrote:
> Is it useful to set cache-size=0 instead of using upstream nameservers
> directly in /etc/resolv.conf? I'm surprised to see that NetworkManager has it
> hardcoded.
> 


If the upstream servers can change, then yes, since long-running
processes may  not notice changes to /etc/resolv.conf

NM sets the cachesize to zero for security: On a multiuser machine where
an attacker can send queries to a DNS cache and bombard it with false
answers, cache poisoning when affects other uses is quite easy to achieve.


Cheers,

Simon.



_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to