Re: [PATCH] resolv.conf.5: DESCRIPTION: Mention that the data is trusted.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/19/2014 12:09 AM, Carlos O'Donell wrote:
> In a recent discussion about DNSSEC it was brought to my
> attention that not all system administrators may understand
> that the information in /etc/resolv.conf is fully trusted.
> The resolver implementation in glibc treats /etc/resolv.conf
> as a fully trusted source of DNS information and passes on
> the AD-bit for DNSSEC as trusted.
> 
> Would it be possible to add a clarifying setence to the
> man page for resolv.conf.5 to make it absolutely clear that
> indeed this source of information is trusted?
> 
> Signed-off-by: Carlos O'Donell <carlos@xxxxxxxxxx>
> 
> diff --git a/man5/resolv.conf.5 b/man5/resolv.conf.5
> index f398724..2dfccdf 100644
> --- a/man5/resolv.conf.5
> +++ b/man5/resolv.conf.5
> @@ -35,6 +35,9 @@ The resolver configuration file contains information that is read
>  by the resolver routines the first time they are invoked by a process.
>  The file is designed to be human readable and contains a list of
>  keywords with values that provide various types of resolver information.
> +The configuration file is considered a trusted source of DNS information
> +e.g. DNSSEC AD-bit information will be returned unmodified from these
> +sources.
>  .LP
>  If this file does not exist,
>  only the name server on the local machine will be queried;

Carlos,

Thanks. I've applied this, but made one small change. You wrote plural "these
sources", but the context seems to indicate a singular is required, so I 
changed it to "this source". Okay?

Cheers,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux