F21 System Wide Change: Default Local DNS Resolver
Paul Wouters
paul at nohats.ca
Wed Apr 30 17:22:30 UTC 2014
On Wed, 30 Apr 2014, Robert Marcano wrote:
> What about domain and search lines? If NetworkManager will always use
> 127.0.0.1, it should still modify resolv.conf with the domain name received
> from DHCP
That's actually not always correct from a security point of view.
If you set your system to have domain "nohats.ca", and you "ssh bofh"
and then some DHCP changes the domain/search list, you might not be
going where you think you are going.
IMHO, DHCP should never touch the domain or search list _unless_ you are
connecting to a trusted network - where trusted for practical reasons is
defined as "you plug in a wire or use a wifi WPA secret to connect".
No open wifi should ever modify your search list. If it does that now,
it is a security bug.
Paul
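
Added example, not part of the original message and not NetworkManager code: a sketch of the trust rule described above, together with the resolv.conf search/ndots expansion that shows where "ssh bofh" ends up. The Link type, the function names, the "replace the local list" behaviour and the DHCP domain example.net are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    """Hypothetical description of how the machine joined the network."""
    kind: str                 # "wired" or "wifi"
    wpa_secret: bool = False  # True when a WPA secret was used to connect

def is_trusted(link):
    """Trust rule from the message: a plugged-in wire, or wifi joined with a WPA secret."""
    return link.kind == "wired" or (link.kind == "wifi" and link.wpa_secret)

def effective_search(local_search, dhcp_search, link):
    """Use the DHCP-supplied search list only on a trusted link (assumed to replace
    the local list there); on any other link keep the locally configured list."""
    if dhcp_search and is_trusted(link):
        return list(dhcp_search)
    return list(local_search)

def candidates(name, search, ndots=1):
    """Names a stub resolver tries, in order, under resolv.conf search/ndots rules."""
    if name.endswith("."):
        return [name]                      # already fully qualified
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    absolute = name + "."
    # Names with at least `ndots` dots are tried as-is first, short names last.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]

def first_lookup(name, local_search, dhcp_search, link):
    """First FQDN that would be queried for `name` on this link under the policy."""
    return candidates(name, effective_search(local_search, dhcp_search, link))[0]

# Constructed sample: local domain from the message, DHCP domain made up.
LOCAL = ["nohats.ca"]
DHCP = ["example.net"]

if __name__ == "__main__":
    for link in (Link("wired"), Link("wifi", True), Link("wifi", False)):
        print(link, "->", first_lookup("bofh", LOCAL, DHCP, link))
    # Without the policy, the DHCP list is always applied:
    print("no policy ->", candidates("bofh", DHCP)[0])
```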