author Martin Pitt <martin.pitt@ubuntu.com> 2016-06-24 07:54:28 +0200
committer GitHub <noreply@github.com> 2016-06-24 07:54:28 +0200
commit ceeddf79b8464469a5307a1030862c7c4fe289e9 (patch)
tree 4ad0a49ca457e8e53789c3aea41c6284ab3ff277 /NEWS
parent a2c28c645160b4e9377db4cb40cb9f22141f2dd3 (diff)
resolved: add option to disable caching (#3592)
In some cases, caching DNS results locally is not desirable, as it makes DNS cache poisoning attacks a tad easier and also allows users on the system to determine whether or not a particular domain got visited by another user. Thus provide a new "Cache" resolved.conf option to disable it.
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 8
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 7ecb10e216..e4efb476c6 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,14 @@ CHANGES WITH 231:
"Options=" with a drop-in, or mount /tmp from /etc/fstab with your
desired options.
+ * systemd-resolved gained a new "Cache=" option in resolved.conf.
+ Local caching makes DNS poisoning attacks slightly easier and allows
+ a local user to detect whether any other user on the same machine has
+ recently visited a given DNS name (privacy). If that is a concern,
+ you can disable local caching with this option at the cost of slower
+ DNS resolution (which is particularly expensive with DNSSEC). The
+ default continues to be "yes" (i. e. caching is enabled).
+
Contributions from: ...
— Somewhere, 2016-XX-XX
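Review bot: the last sentence of the new entry names only the default ("yes") and never states the value that actually turns the cache off; spell it out (for example "disable local caching with Cache=no") so an administrator acting on the poisoning or privacy concern does not have to infer it. Two wording points in the same paragraph: the commit message says "DNS cache poisoning" while the entry says "DNS poisoning", and since the risk described is specific to the local cache the longer term is the more accurate one; and the trailing "(privacy)" reads as a stray tag, so consider folding it into the sentence, e.g. "... recently visited a given DNS name, which is a privacy leak". Also "i. e." would normally be written "i.e.".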