Re: F23 System Wide Change: Default Local DNS Resolver

   Hello Miloslav,

> On Wednesday, 10 June 2015 8:55 PM, Miloslav Trmač <mitr@xxxxxxxxxx> wrote:
> We’ve had earlier conversations about whether the resolver being used (local,
> remote, container host) is trusted to perform DNSSEC validation. How is this
> resolved? The Change page AFAICS doesn’t say.
>
> Do you e.g. plan to have a configuration file which tells libc/and other
> applications dealing with resolv.conf directly to know whether the resolver can
> be trusted for DNSSEC? Or is perhaps the design that any resolver in
> /etc/resolv.conf is always trusted for DNSSEC, and sysadmins need to ensure that
> this is true if they use a remote one?

Ummn...not any resolver in resolv.conf, but 127.0.0.1 is considered to be trusted. The proposed change is also to ensure that resolv.conf always has only the 127.0.0.1 entry in it, and nothing else.

Configuration changes to indicate the 'trusted' character of a resolver were proposed to upstream glibc, but that is yet to be resolved properly.

  -> https://www.sourceware.org/ml/libc-alpha/2014-11/msg00426.html


---
Regards
   -P J P
http://feedmug.com
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
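
A check for the policy stated in the message above (resolv.conf holds only a 127.0.0.1 nameserver entry), as an added example that is not part of the original post or the Fedora change. The function names and sample file contents are constructed for illustration, and the reading is deliberately strict: any address other than 127.0.0.1, or no nameserver line at all, is reported.

```python
import ipaddress

# The only resolver the message treats as trusted for DNSSEC.
TRUSTED = ipaddress.ip_address("127.0.0.1")


def nameservers(text):
    """Return the nameserver addresses found in resolv.conf text, in file order."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        # Comment lines start with '#' or ';'. Indented keyword lines are
        # still counted, so the audit errs towards reporting.
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            found.append(fields[1])
    return found


def audit(text):
    """Return (ok, findings); ok is True only if every entry is 127.0.0.1."""
    findings = []
    servers = nameservers(text)
    if not servers:
        findings.append("no nameserver entry; policy expects an explicit 127.0.0.1")
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"unparseable nameserver {server!r}")
            continue
        if addr != TRUSTED:
            findings.append(f"untrusted nameserver {server}")
    return (not findings, findings)


# Constructed sample inputs (192.0.2.53 is a documentation address).
GOOD = "# constructed sample\nsearch example.test\nnameserver 127.0.0.1\n"
MIXED = "nameserver 127.0.0.1\n; upstream fallback\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("MIXED", MIXED)):
        ok, findings = audit(sample)
        print(name, "OK" if ok else "FAIL", findings)
```

To audit a live system, pass the contents of /etc/resolv.conf to `audit()`.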