Re: F21 System Wide Change: Default Local DNS Resolver

On Wed, 2014-04-30 at 13:22 -0400, Paul Wouters wrote:
> On Wed, 30 Apr 2014, Robert Marcano wrote:
> 
> > What about domain and search lines? If NetworkManager will always use 
> > 127.0.0.1, it should still modify resolv.conf with the domain name received 
> > from DHCP
> 
> That's actually not always correct from a security point of view.
> 
> If you set your system to have domain "nohats.ca", and you "ssh bofh"
> and then some DHCP changes the domain/search list, you might not be
> going where you think you are going.
> 
> IMHO, DHCP should never touch the domain or search list _unless_ you are
> connecting to a trusted network - where trusted for practical reasons is
> defined as "you plug in a wire or use a wifi WPA secret to connect".

Untrusted networks use WPA too, like coffee shops that don't leave the
network open, but write the WPA key on the chalkboard menu or print it
on standup cards at the tables.  I've seen quite a few of these.

There's really no guessing what's trusted/not-trusted unless you're
using 802.1x/WPA Enterprise, or if the user has told you explicitly to
trust this network.

Dan

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
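
The concern in the quoted text above (a DHCP-changed search list sending a short name such as `bofh` somewhere else), as an added example that is not part of the original message: a simplified Python model of how a stub resolver expands names from the `domain`/`search`/`options ndots` lines of resolv.conf, used to flag names whose lookup order changes. The function names and the `cafe.example` domain are assumptions made for illustration.

```python
def parse_resolv_conf(text):
    """Return (search_list, ndots). Simplified model of resolv.conf(5):
    the last 'domain' or 'search' line wins; ndots defaults to 1."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        key, args = fields[0], fields[1:]
        if key == "domain" and args:
            search = [args[0]]
        elif key == "search":
            search = args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return [d.rstrip(".").lower() for d in search], ndots


def candidates(name, search, ndots=1):
    """Ordered FQDNs that would be queried for `name`."""
    if name.endswith("."):            # absolute name: search list not applied
        return [name.rstrip(".").lower()]
    name = name.lower()
    searched = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:      # enough dots: try the name as-is first
        return [name] + searched
    return searched + [name]


def changed_targets(names, before, after):
    """Map each name whose candidate list differs to (old, new) lists."""
    out = {}
    for n in names:
        old = candidates(n, *parse_resolv_conf(before))
        new = candidates(n, *parse_resolv_conf(after))
        if old != new:
            out[n] = (old, new)
    return out


# Constructed sample input: nohats.ca is from the thread, cafe.example is a placeholder.
BEFORE = "search nohats.ca\nnameserver 127.0.0.1\n"
AFTER = "search cafe.example\nnameserver 127.0.0.1\n"

if __name__ == "__main__":
    names = ["bofh", "bofh.nohats.ca."]
    for name, (old, new) in changed_targets(names, BEFORE, AFTER).items():
        print(f"{name}: {old} -> {new}")
```

Only the short name is reported as changed; the fully qualified name with a trailing dot resolves the same way under either search list.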