Re: default local DNS caching name server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 10 Apr 2014, Billy Crook wrote:

I don't think pointing resolv.conf at 127.0.0.1 is the right answer
for this.  The functionality should be implemented as a 'hosts'
service to be listed in nsswitch.conf between files and dns.

For security reasons, you really want resolv.conf to only point to
127.0.0.1. Otherwise applications cannot determine the security of
the DNSSEC answers without doing full validation inside every
application themselves.

See recent discussions on the DANE mailinglist regarding the AD bit
discussion:

http://www.ietf.org/mail-archive/web/dane/current/maillist.html

Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux