author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-07-22 21:28:31 -0400 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-07-22 21:28:31 -0400 |
commit | 2880b01d8f4b6c7be605a153e4cc729c04c05e67 (patch) | |
tree | 44a038245161f1b0af36757da0bf1bc06091253f /man | |
parent | 31b14fdb6f2f018a9d67c9303aac9903b4227dbd (diff) | |
parent | fcd30826d4ea267563e2121b512e3cbe50aec1ca (diff) |
Merge pull request #3784 from poettering/NEWS-v231
Diffstat (limited to 'man')
-rw-r--r-- | man/resolved.conf.xml | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index 024ad6a9c1..7556c6ff31 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -204,19 +204,13 @@ <varlistentry> <term><varname>Cache=</varname></term> - <listitem><para>Takes a boolean argument. If "yes" (the default), - resolving a domain name which already got queried earlier will re-use - the previous result as long as that is still valid, and thus does not - need to do an actual network request.</para> - - <para>However, local caching slightly increases the chance of a - successful DNS poisoning attack, and might also be a privacy problem in - some environments: By measuring the time it takes to resolve a - particular network name, a user can determine whether any other user on - the same machine recently visited that name. If either of these is a - concern, you may disable the local caching. Be aware that this comes at - a performance cost, which is <emphasis>very</emphasis> high with DNSSEC. - </para></listitem> + <listitem><para>Takes a boolean argument. If "yes" (the default), resolving a domain name which already got + queried earlier will return the previous result as long as it is still valid, and thus does not result in a new + network request. Be aware that that turning off caching comes at a performance penalty, which is particularly + high when DNSSEC is used.</para> + + <para>Note that caching is turned off implicitly if the configured DNS server is on a host-local IP address + (such as 127.0.0.1 or ::1), in order to avoid duplicate local caching.</para></listitem> </varlistentry> </variablelist> |
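Review bot: The added Cache= text reads "Be aware that that turning off caching", with a doubled "that"; drop one. In the same entry, the removed paragraph was the only place the page explained why someone would disable the cache (a slightly higher chance of successful DNS poisoning, and the timing side channel that lets one local user tell whether another recently resolved a name). The new text keeps only the performance penalty, so a reader has no basis for weighing Cache=no. If the removal is deliberate, say why in the commit message; otherwise keep a one-sentence version of that rationale next to the performance caveat. The new note on host-local servers gives 127.0.0.1 and ::1 only as examples ("such as"); stating the exact rule for what counts as host-local would let an administrator predict when caching is implicitly off.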