From: "Carlos O'Donell" <carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [PATCH] resolv.conf.5: DESCRIPTION: Mention that the data is trusted.
Date: Tue, 18 Feb 2014 18:09:57 -0500 [thread overview]
Message-ID: <5303E845.7080003@redhat.com> (raw)
In a recent discussion about DNSSEC it was brought to my
attention that not all system administrators may understand
that the information in /etc/resolv.conf is fully trusted.
The resolver implementation in glibc treats /etc/resolv.conf
as a fully trusted source of DNS information and passes on
the AD-bit for DNSSEC as trusted.
Would it be possible to add a clarifying setence to the
man page for resolv.conf.5 to make it absolutely clear that
indeed this source of information is trusted?
Signed-off-by: Carlos O'Donell <carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
diff --git a/man5/resolv.conf.5 b/man5/resolv.conf.5
index f398724..2dfccdf 100644
--- a/man5/resolv.conf.5
+++ b/man5/resolv.conf.5
@@ -35,6 +35,9 @@ The resolver configuration file contains information that is read
by the resolver routines the first time they are invoked by a process.
The file is designed to be human readable and contains a list of
keywords with values that provide various types of resolver information.
+The configuration file is considered a trusted source of DNS information
+e.g. DNSSEC AD-bit information will be returned unmodified from these
+sources.
.LP
If this file does not exist,
only the name server on the local machine will be queried;
---
Cheers,
Carlos.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next reply other threads:[~2014-02-18 23:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-18 23:09 Carlos O'Donell [this message]
[not found] ` <5303E845.7080003-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-02-22 8:57 ` [PATCH] resolv.conf.5: DESCRIPTION: Mention that the data is trusted Michael Kerrisk (man-pages)
[not found] ` <53086680.30900-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-02-26 21:03 ` Carlos O'Donell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5303E845.7080003@redhat.com \
--to=carlos-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).