]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3f32c6f) | patch
Prevent resolvconf from updating /etc/resolv.conf. As Jakob Schlyter
authorDag-Erling Smørgrav <des@FreeBSD.org>
Mon, 23 Sep 2013 20:06:59 +0000 (20:06 +0000)
committerDag-Erling Smørgrav <des@FreeBSD.org>
Mon, 23 Sep 2013 20:06:59 +0000 (20:06 +0000)
commit058a4e34194250206a4b607905257dc3811eb7ef
treedad1b185fb3066fe3114c2afce467b93f0213d9btree | snapshot
parent3f32c6fb5646908d74936954466a20d36f07b919commit | diff
Prevent resolvconf from updating /etc/resolv.conf.  As Jakob Schlyter
pointed out, having additional nameservers listed in /etc/resolv.conf
can break DNSSEC verification by providing a false positive if unbound
returns SERVFAIL due to an invalid signature.  The downside is that
the domain / search path won't get updated either, but we can live
with that.

Approved by: re (blanket)
usr.sbin/unbound/local-setup/local-unbound-setup.sh diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.