On Mon, 2014-04-28 at 10:14 -0400, Paul Wouters wrote: > On Mon, 28 Apr 2014, Marcelo Ricardo Leitner wrote: > > > Speaking of which, I am not sure how dnsmasq plays with DNSSEC and/or > > failover, but NetworkManager already has a config option > > (/etc/NetworkManager/NetworkManager.conf, dns=dnsmasq) that makes it > > configure a local dnsmasq instance on 127.0.0.1 for handling DNS requests. > > The dnsmasq then is the one who will go after the real servers & all.. > > > > Isn't making this the default way enough perhaps? > > No, that is missing all the features for hotspot signon and VPN > integration.
NM already has connectivity checking like dnssec-trigger, which we use for hotspot detection and twiddle some D-Bus API flags to indicate that you might be behind a hotspot. GNOME Shell displays a "hotspot" status in this case. NM will also do split DNS with dnsmasq as a local caching nameserver to handle the VPN stuff, if your VPN passes down domains or you specify them manually. What that doesn't have is the DNSSEC support or the ability to start a sandboxed web browser for hotspot login before making the upstream nameservers system-wide, which is where dnssec-trigger and unbound would come in. Dan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
