F21 System Wide Change: Default Local DNS Resolver

Paul Wouters paul at nohats.ca
Wed Apr 30 17:22:30 UTC 2014

On Wed, 30 Apr 2014, Robert Marcano wrote:

> What about domain and search lines? If NetworkManager will always use 
>, it should still modify resolv.conf with the domain name received 
> from DHCP

That's actually not always correct from a security point of view.

If you set your system do have domain "nohats.ca", and you "ssh bofh"
and then some DHCP changes the domain/search list, you might not be
going where you think you are going.

IMHO, DHCP should never touch the domain or search list _unless_ you are
connecting to a trusted network - where trusted for practical reasons is
defined as "you plug in a wire or use a wifi WPA secret to connect".

No open wifi should ever modify your search list. If it does that now,
it is a security bug.


More information about the devel mailing list