Em 28-04-2014 02:39, P J P escreveu:
Hi,
(sorry for the delayed response, I was away past few days)
2014-04-26 0:51 GMT+02:00 Chuck Anderson wrote:
Main goal is to have local DNSSEC-validating resolver.
I, as the OP, did not intend that as the goal, although I have no
problem with that as a different goal. My intent was to fix the
atrocious failover behavior of the glibc resolver.
Agreed. There are several reasons to have a local DNS resolvers.
Nonetheless, one solution may not address all use cases. For that reason, one
of the requisites gathered from the earlier long thread is
+ Choice between different DNS resolvers - unbound, bind, dnsmasq,
dnslookupd etc. etc.
- you would want to have plugins for those in NetworkManager
- Right.
Please see -> https://www.piratepad.ca/p/dnssec-requisites-configurations
Speaking of which, I am not sure how dnsmasq plays with DNSSEC and/or
failover, but NetworkManager already has a config option
(/etc/NetworkManager/NetworkManager.conf, dns=dnsmasq) that makes it
configure a local dnsmasq instance on 127.0.0.1 for handling DNS
requests. The dnsmasq then is the one who will go after the real servers
& all..
Isn't making this the default way enough perhaps?
Marcelo
As Miloslav rightly said, supporting each new DNS resolver would entail
resolver specific integration work and relevant upstream development work.
We plan to do our _best_ to address maximum use cases and provide due guidance
for the others. But for that, it is essential to gather first hand data and
list down all the DNS resolver use cases across
desktops/servers/workstations/thin clients/data centres/cloud/containers etc.
etc. Anything and everything that uses DNS resolver, we need to know about it.
Having such data would _greatly_ help to device a robust solution.
Please help us by spreading the word about it, so that we have more & more real
life data on that ether pad. That way we can estimate the amount of work to be done
and invite contributors to take-up individual tasks. More hands together can easily
make huge difference.
On Saturday, 26 April 2014 4:29 AM, Miloslav Trmač wrote:
Right now I'd actually guess that it's more likely to have a DNSSEC-validating
resolver soon,
than the simple caching daemon you propose. Specific people are already
dedicated to working
on the former, and the principal elements of the solution already exist;
what is left is (a large amount of) integration work. And that will also
inherently handle
the caching/failover case "for free".
Very true!
---
Regards
-Prasad
http://feedmug.com
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
