On 26/08/15 19:21, Carlos Carvalho wrote:
> Is it useful to set cache-size=0 instead of using upstream nameservers
> directly in /etc/resolv.conf? I'm surprised to see that NetworkManager has it
> hardcoded.

If the upstream servers can change, then yes, since long-running
processes may  not notice changes to /etc/resolv.conf

NM sets the cachesize to zero for security: On a multiuser machine where
an attacker can send queries to a DNS cache and bombard it with false
answers, cache poisoning when affects other uses is quite easy to achieve.



Dnsmasq-discuss mailing list

Reply via email to