On Tue, Apr 14, 2020 at 12:57 pm, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
Can you expand on what that means?
Does it mean:
a) systemd-resolved will use DNS over TLS if it detects that
the nameservers it is querying can do so (ie, it would do a query to
port 853 of the nameservers dhcp or static config gave it)
b) systemd-resolved will use DNS over TLS and always use some 'well
known' public dns servers for queries, ignoring locally configured
servers.
I'm very much in favor of a, but not in favor of b. :)
It would do (a). (But as part of a future change, not part of this
change.)
I think (b) would be too controversial for Fedora.
That said, there are not currently any known compatibility problems
with the
DNS over TLS support as far as I know, so I would *expect* it to go
smoothly
regardless.
Of course, once systemd-resolved is enabled, then enabling or
disabling DNS
over TLS will be a one-line config file change in
/etc/systemd/resolved.conf. :)
Is that going to be to set it to 'opportunistic' or 'true' ?
It would be "opportunistic". (But again, that would be a future change,
not this change.)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
