[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

Quoting Florian Weimer (fw@deneb.enyo.de):

> lwresd is far less-tested than BIND, and tweaking the NSS configuration
> is something few people like to do.

Incidentally, the documentation for nss_lwres suggests the following
entry in /etc/nsswitch.conf, for Linux systems installing lwresd:
"hosts: files lwres [NOTFOUND=return] dns"

I had somehow missed lwresd's existence entirely, when I built my
catalogue of DNS nameserver implementations for Linux
(http://linuxmafia.com/faq/Network_Other/dns-servers.html), so I've 
just written an entry, furnishing the above and other suggestions /
comments.  (Entry may have errors, as I've not yet experimented with
lwresd, only read about it.)

Reply to: