On 06/02/2015 08:36 PM, Paul Wouters wrote: > On Tue, 2 Jun 2015, Simo Sorce wrote: > >>> and just because you have a local resolver firefox won't stop it's >>> behavior >> >> It can, w/o a local resolver FF developers will definitely keep caching >> on their own, with a decent local resolver they can allow themselves to >> disable their own and go back to rely on the system one, perhaps. > > I don't think so. Firefox does that to avoid DNS rebinding attacks. It is somewhat questionable whether DNS rebinding vulnerabilities are, in fact, a problem which should be solved at the client side. But Firefox certainly has some caching mechanisms intended to help against that (but I'm not sure how reliable they are in preventing the issue, e.g. if you use a web proxy). -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
