On Tue, Apr 14, 2020 at 02:40:08PM -0500, Michael Catanzaro wrote:
> On Tue, Apr 14, 2020 at 2:33 pm, Michael Cronenworth <mike@xxxxxxxxxx>
> wrote:
> > Why wait?
> >
> > This is something I've been interested in and was interested in
> > implementing in Fedora.
>
> Caution mainly, so that we only make one major change at a time instead of
> two. The goal is to do this without generating too many new bug reports for
> the systemd developers all at the same time. My thinking was that if this
> change goes smoothly in F33, then it should be possible to enable DNS over
> TLS by default in F34.

Can you expand on what that means?

Does it mean:

a) systemd-resolved will use DNS over TLS if it detects that the
nameservers it is querying can do so (ie, it would do a query to port 853
of the nameservers dhcp or static config gave it)

b) systemd-resolved will use DNS over TLS and always use some 'well known'
public dns servers for queries, ignoring locally configured servers.

I'm very much in favor of a, but not in favor of b. :)

> That said, there are not currently any known compatibility problems with the
> DNS over TLS support as far as I know, so I would *expect* it to go smoothly
> regardless.
>
> Of course, once systemd-resolved is enabled, then enabling or disabling DNS
> over TLS will be a one-line config file change in
> /etc/systemd/resolved.conf. :)

Is that going to be to set it to 'opportunistic' or 'true' ?

kevin