F23 System Wide Change: Default Local DNS Resolver

Florian Weimer fweimer at redhat.com
Wed Jun 3 10:04:45 UTC 2015


On 06/02/2015 08:36 PM, Paul Wouters wrote:
> On Tue, 2 Jun 2015, Simo Sorce wrote:
> 
>>> and just because you have a local resolver firefox won't stop its
>>> behavior
>>
>> It can, w/o a local resolver FF developers will definitely keep caching
>> on their own, with a decent local resolver they can allow themselves to
>> disable their own and go back to relying on the system one, perhaps.
> 
> I don't think so. Firefox does that to avoid DNS rebinding attacks.

It is somewhat questionable whether DNS rebinding vulnerabilities are,
in fact, a problem which should be solved at the client side.  But
Firefox certainly has some caching mechanisms intended to help against
that (but I'm not sure how reliable they are in preventing the issue,
e.g. if you use a web proxy).

-- 
Florian Weimer / Red Hat Product Security

