Re: F23 System Wide Change: Default Local DNS Resolver

On Tue, 2 Jun 2015, David Howells wrote:

> > Install a local DNS resolver trusted for the DNSSEC validation running on
> > 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.
> >
> > The automatic name server entries received via dhcp/vpn/wireless
> > configurations should be stored separately (e.g. this is stored in the
> > NetworkManager internal state), as transitory name servers to be used by the
> > trusted local resolver. In all cases, DNSSEC validation will be done
> > locally.
>
> How does this interact with dnsmasq which also wants to be the only name
> server entry in resolv.conf?

Not well? The problem is dnsmasq is not as feature complete as unbound
(and its dnssec implementation is very new).

I think most people end up running dnsmasq because of KVM/libvirtd? I
think those dnsmasq's should be run in "dhcp only" mode and point to
the host's unbound.

Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
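
The rule quoted above, that 127.0.0.1 must be the only name server entry in /etc/resolv.conf, can be checked mechanically. The following is an added example, not part of the original message or of the Fedora proposal; the function name `audit_resolv_conf` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit a resolv.conf-style file against the rule that 127.0.0.1 is the
# only name server entry. Any other entry gives the stub resolver a path
# around the local DNSSEC-validating resolver.
# Return status: 0 = compliant, 1 = another name server is listed,
#                2 = no 'nameserver 127.0.0.1' entry at all.
audit_resolv_conf() {
    file=$1
    local_seen=0
    other=""
    # '|| [ -n "$keyword" ]' also processes a last line with no newline.
    while read -r keyword value _rest || [ -n "$keyword" ]; do
        case $keyword in
            nameserver)
                if [ "$value" = "127.0.0.1" ]; then
                    local_seen=1
                else
                    other="$other $value"
                fi
                ;;
        esac    # comments, 'search', 'options' etc. are ignored
    done < "$file"
    if [ -n "$other" ]; then
        echo "FAIL: name servers other than 127.0.0.1 are listed:$other"
        return 1
    fi
    if [ "$local_seen" -eq 0 ]; then
        echo "FAIL: no 'nameserver 127.0.0.1' entry"
        return 2
    fi
    echo "OK: 127.0.0.1 is the only name server entry"
    return 0
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'search example.test\nnameserver 127.0.0.1\n' > "$demo_dir/good"
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$demo_dir/mixed"
printf 'search example.test\n# nameserver 127.0.0.1\n' > "$demo_dir/none"
for f in good mixed none; do
    printf '%s: ' "$f"
    audit_resolv_conf "$demo_dir/$f" || true
done
rm -rf "$demo_dir"
# On a real host: audit_resolv_conf /etc/resolv.conf
```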




