diff options
-rw-r--r-- | man/resolved.conf.xml | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index 024ad6a9c1..7556c6ff31 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -204,19 +204,13 @@ <varlistentry> <term><varname>Cache=</varname></term> - <listitem><para>Takes a boolean argument. If "yes" (the default), - resolving a domain name which already got queried earlier will re-use - the previous result as long as that is still valid, and thus does not - need to do an actual network request.</para> - - <para>However, local caching slightly increases the chance of a - successful DNS poisoning attack, and might also be a privacy problem in - some environments: By measuring the time it takes to resolve a - particular network name, a user can determine whether any other user on - the same machine recently visited that name. If either of these is a - concern, you may disable the local caching. Be aware that this comes at - a performance cost, which is <emphasis>very</emphasis> high with DNSSEC. - </para></listitem> + <listitem><para>Takes a boolean argument. If "yes" (the default), resolving a domain name which already got + queried earlier will return the previous result as long as it is still valid, and thus does not result in a new + network request. Be aware that that turning off caching comes at a performance penalty, which is particularly + high when DNSSEC is used.</para> + + <para>Note that caching is turned off implicitly if the configured DNS server is on a host-local IP address + (such as 127.0.0.1 or ::1), in order to avoid duplicate local caching.</para></listitem> </varlistentry> </variablelist> |