* Tomas Mraz:
On Wed, 2020-04-15 at 10:02 -0500, Michael Catanzaro wrote:
On Wed, Apr 15, 2020 at 1:38 pm, Florian Weimer fweimer@redhat.com wrote:
Not sure if that's compatible with the new split DNS model because VPN1 could simply start pushing longer names in the scope of VPN2, thus hijacking internal traffic there (and this sort of hijacking is exactly what a DNS sinkhole against typosquatting would need).
You deserve bonus points for thinking like an attacker and exploring the security model, but let's assume the configured VPNs are trusted. Otherwise the user is screwed no matter what. ;)
Trusted for what? I would expect corporate VPNs doing such tricks to monitor the user's internet traffic. Which does not mean the user is fully screwed with such VPN if he for example uses hardcoded configuration of a caching nameserver.
Yes, what I described was given as a motivation for this change.
I find the response puzzling. I would definitely like to see greater robustness to hostile networks, but it is a lot of work. Really a lot. Lots of code to review, and quite a few shell scripts as well.
Thanks, Florian