[Dnsmasq-discuss] what's the usefulness of cache-size=0?
Simon Kelley
simon at thekelleys.org.uk
Wed Aug 26 23:00:39 BST 2015
On 26/08/15 19:21, Carlos Carvalho wrote:
> Is it useful to set cache-size=0 instead of using upstream nameservers
> directly in /etc/resolv.conf? I'm surprised to see that NetworkManager has it
> hardcoded.
>
If the upstream servers can change, then yes, since long-running
processes may not notice changes to /etc/resolv.conf
NM sets the cachesize to zero for security: On a multiuser machine where
an attacker can send queries to a DNS cache and bombard it with false
answers, cache poisoning when affects other uses is quite easy to achieve.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list