Re: F22 System Wide Change: Default Local DNS Resolver

On 01/19/2015 06:16 PM, Pete Zaitcev wrote:
> On Wed, 14 Jan 2015 06:26:49 +1030
> William B <william@xxxxxxxxxxxxxxx> wrote:
>
> > Right now, enabling unbound and dnssec-trigger on a laptop is an
> > extremely difficult experience.
>
> Can you tell why you're trying that? Everyone I talk to always
> goes unbound, unbound, unbound... WHY? Unbound is plain broken
> and does not work, especially with DNSSEC. But I use plain
> dnsmasq with NM, and everything works perfectly and fully automated
> by NM on my F21 laptop -- including VPN (with vpnc, no less), my internal
> LAN DNS, airports, office. Perhaps that's only because dnsmasq fails
> to participate in DNSSEC properly? Or what? Why is everyone so
> fixated on Unbound?
>
> -- Pete
>

Unbound is designed to do one thing and do it right. To be used
on a client as the default local resolver, it needs something to configure
it ~ dnssec-trigger (e.g. dnsmasq is directly configured by NM).

Unbound + dnssec-trigger + NM works just fine. Also with split DNS
configuration. I use it every day at home, at work, with VPN. It
works.

I'm not saying there are any use-cases where it breaks, but those need
to be identified and solved. Writing non-technical complaints with
zero information for developers in them will get us nowhere.

People want to use unbound, because it does DNSSEC validation.
dnsmasq had no DNSSEC implementation at the time there was already
unbound and dnssec-trigger.

If you use any resolver without DNSSEC the overall situation is
a lot simpler. DNSSEC simply does not work with all the hacks
people were doing with DNS before.

As for unbound vs. dnsmasq... unbound does one thing - DNS validating
resolver. While dnsmasq does almost everything (DNS resolver, validating
resolver, DNS authoritative server, DHCPv4/DHCPv6 server, TFTP server)
and has tons of hackish options. From this point of view, the choice
is pretty clear I think.

Regards,
-- 
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

PGP: 1D9F3C2D
Red Hat Inc.                               http://cz.redhat.com
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct



