On Wed, Apr 15, 2020 at 1:38 pm, Florian Weimer <fweimer@xxxxxxxxxx>
wrote:
Not sure if that's compatible with the new split DNS model because
VPN1
could simply start pushing longer names in the scope of VPN2, thus
hijacking internal traffic there (and this sort of hijacking is
exactly
what a DNS sinkhole against typosquatting would need).
You deserve bonus points for thinking like an attacker and exploring
the security model, but let's assume the configured VPNs are trusted.
Otherwise the user is screwed no matter what. ;)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
