[Dnsmasq-discuss] what's the usefulness of cache-size=0?

Simon Kelley simon at thekelleys.org.uk
Wed Aug 26 23:00:39 BST 2015


On 26/08/15 19:21, Carlos Carvalho wrote:
> Is it useful to set cache-size=0 instead of using upstream nameservers
> directly in /etc/resolv.conf? I'm surprised to see that NetworkManager has it
> hardcoded.
> 


If the upstream servers can change, then yes, since long-running
processes may  not notice changes to /etc/resolv.conf

NM sets the cachesize to zero for security: On a multiuser machine where
an attacker can send queries to a DNS cache and bombard it with false
answers, cache poisoning when affects other uses is quite easy to achieve.


Cheers,

Simon.





More information about the Dnsmasq-discuss mailing list