12.04 running DNSMASQ by default
In 12.04 dnsmasq is now running by default due to being hardcoded into Network Manager.
Potentially bad idea ;-) (ever heard of DNS cache poisoning or MITM attacks?)
12.04 Release Notes
5th Bullet Point.
It's built into Network Manager now.
Running a local DNS caching server where your resolver is localhost or 127.0.0.1 may speed up DNS resolution but may also pose potential security risks.
You may do the following to disable it if you don't want it used, though it doesn't appear to be caching by default (you can test with the dig command)
so
Code:
sudo nano /etc/NetworkManager/NetworkManager.conf
(the above is case sensitive so capital N)
and comment out the
line then do a
Code:
sudo restart network-manager
Peace
Re: 12.04 running DNSMASQ by default
*shakes head*
Yeah...Umm I am a little disappointed in this, all I can say is that Canonical was on drugs with this one.
That's good advice haqking
Re: 12.04 running DNSMASQ by default
I'm not really sure why they decided to do this anyhow, seeing as DNS lookups are pretty quick to begin with and most web browsers prefetch and cache addresses.
Thanks for the workaround, haqking.
Re: 12.04 running DNSMASQ by default
Dnsmasq is running with caching disabled. There is no security risk.
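The two settings this thread argues about, whether dnsmasq caches and where it listens, can be read from the running process's options. The script below is an added example, not part of any post in this thread; the function names and sample command lines are constructed for illustration, and it assumes the options are passed on the command line.

```sh
# Added example: audit a dnsmasq command line (only command-line options are read).

# Print the cache size; "default" means no option was given (dnsmasq then caches 150 names).
dnsmasq_cache_size() (
    size=default prev=
    set -f                                  # no globbing while word-splitting
    for arg in $1; do
        case "$arg" in
            --cache-size=*) size=${arg#--cache-size=} ;;
            *) if [ "$prev" = "-c" ]; then size=$arg; fi ;;
        esac
        prev=$arg
    done
    echo "$size"
)

# Print loopback-only, exposed, or unrestricted (no --listen-address / -a given).
dnsmasq_listen_scope() (
    scope=unrestricted prev=
    set -f
    for arg in $1; do
        addr=
        case "$arg" in
            --listen-address=*) addr=${arg#--listen-address=} ;;
            *) if [ "$prev" = "-a" ]; then addr=$arg; fi ;;
        esac
        prev=$arg
        case "$addr" in
            "") ;;                          # not a listen address
            *,*) scope=exposed ;;           # address list: treated conservatively
            127.*|::1) [ "$scope" = exposed ] || scope=loopback-only ;;
            *) scope=exposed ;;
        esac
    done
    echo "$scope"
)

# Succeeds only when caching is off and every listen address is loopback.
audit_dnsmasq() {
    size=$(dnsmasq_cache_size "$1")
    scope=$(dnsmasq_listen_scope "$1")
    echo "cache-size=$size listen=$scope"
    [ "$size" = 0 ] && [ "$scope" = loopback-only ]
}

# Constructed sample command lines (not captured from a real 12.04 machine).
SAMPLE_NM='/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --listen-address=127.0.0.1 --cache-size=0'
SAMPLE_OTHER='dnsmasq -c 500 -a 127.0.0.1 -a 192.168.1.1'
audit_dnsmasq "$SAMPLE_NM" || echo "review this instance"
```

On a live system the input can come from `ps -o args= -C dnsmasq`; a cache size set in a file named by `--conf-file` is not seen by this check.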
Re: 12.04 running DNSMASQ by default
Quote:
Originally Posted by
mdeslaur
Dnsmasq is running with caching disabled. There is no security risk.
Source on this?
EDIT: Never mind, found one for you: http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
If that is the case -- then I have had my faith slightly restored, though I still think it was a stupid move. There are other issues with dnsmasq *cough* TFTP/pxe...
Re: 12.04 running DNSMASQ by default
Quote:
Originally Posted by
Dangertux
Saw it mentioned here:
http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
It's at bullet number 5 in the page Haqking linked to.
EDIT: Ninja'd me. :p
Re: 12.04 running DNSMASQ by default
If you believe there are other security issues with the use of dnsmasq, please file a bug detailing the issue and the exact attack scenario. Thanks.
Re: 12.04 running DNSMASQ by default
Re: WARNING: 12.04 running DNSMASQ by default
Thanks. Upon upgrade I could not resolve DNS at all with this. I had previously configured unbound for local DNS to get by stupid Time Warner's NXDOMAIN hijacking. I was scratching my head trying to figure out how to stop dnsmasq from starting.
Re: 12.04 running DNSMASQ by default
Quote:
Originally Posted by
Dangertux
OK, so help out us humans that don't really understand the details of how DNS cache poisoning or MITM attacks are carried out. Have you downgraded the threat level based on that link? Or is it still significant enough that everyone should implement the workaround?