Re: Fedora 33 System-Wide Change proposal: systemd-resolved

* Michael Catanzaro:

> On Sun, Jul 26, 2020 at 6:15 pm, John M. Harris Jr
> <johnmh@xxxxxxxxxxxxx> wrote:
>> Please do not disable reading from /etc/resolv.conf. If you do so, please
>> limit that to the Spins that it won't affect people on, such as Workstation,
>> if you believe people there don't set their own DNS servers.
>
> Except:
>
> * /etc/resolv.conf is broken by design, as you would know if you read
> the section on split DNS that you just quoted

It works for the things it's meant to do.

Split DNS does not exist as a concept.  Some web browser concepts, such
as the canary domain for DoH, are explicitly incompatible with it:

  <https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet>

Incompatible in the sense that when connecting to a VPN, DNS traffic
will now be sent to a third party, when it would not before.

> * There's no value in reading from /etc/resolv.conf unless you have
> written something custom to it

Any DNS client library has to read /etc/resolv.conf to determine the
system DNS configuration.

The format is about as stable as _res, and from languages which are
not C, much easier to access.

This isn't an obscure use case, this is something that really has to
work.  Even C programs use alternative DNS clients for asynchronous name
resolution and similar things.

> Fact is that unless you have done custom work to allow manual
> modifications to /etc/resolv.conf, you're not going to notice this
> change at all.

It depends on the quality of the DNS implementation whose address is
given in /etc/resolv.conf.

> And if you have, then surely you'll be able to figure
> out the very, very simple steps to get back to the original
> behavior. In fact, it should actually be *easier* than before to get
> traditional behavior. Remove the symlink. Create your own
> /etc/resolv.conf. Hey presto! systemd will read it....

What if I want to manage name servers via DHCP (and Network Manager),
but still retain DNSSEC support for local applications?

Thanks,
Florian
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
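
The message's point that DNS clients outside libc read /etc/resolv.conf themselves, as an added example (not part of the original message, and not code from glibc or systemd): a Python parser following resolv.conf(5), plus a check for loopback entries such as the systemd-resolved stub address 127.0.0.53. The sample files and the function names are constructed for illustration.

```python
import ipaddress

MAXNS = 3  # glibc honours at most three nameserver lines

# Constructed samples: a stub-style file and a DHCP-style file.
STUB_SAMPLE = "# constructed\nnameserver 127.0.0.53\noptions edns0 trust-ad\nsearch example.test\n"
DHCP_SAMPLE = """; constructed
domain corp.example.test
search a.example.test b.example.test
nameserver 192.0.2.1
nameserver not-an-address
nameserver 2001:db8::53
nameserver 192.0.2.2
nameserver 192.0.2.3
options ndots:2 timeout:1
"""

def parse_resolv_conf(text):
    """Parse resolv.conf(5) text as a stand-alone DNS client would."""
    cfg = {"nameservers": [], "search": [],
           "options": {"ndots": 1, "timeout": 5, "attempts": 2}}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "nameserver" and args:
            try:  # drop any %scope suffix, then validate and normalise
                addr = ipaddress.ip_address(args[0].split("%")[0])
            except ValueError:
                continue  # this example skips unparsable entries
            if len(cfg["nameservers"]) < MAXNS:
                cfg["nameservers"].append(str(addr))
        elif keyword == "domain" and args:
            cfg["search"] = args[:1]  # domain/search: last one wins
        elif keyword == "search":
            cfg["search"] = args
        elif keyword == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                cfg["options"][name] = int(value) if value.isdigit() else True
    if not cfg["nameservers"]:
        cfg["nameservers"] = ["127.0.0.1"]  # resolv.conf(5) default
    return cfg

def local_forwarders(cfg):
    """Nameservers on loopback: resolution quality depends on that daemon."""
    return [ns for ns in cfg["nameservers"] if ipaddress.ip_address(ns).is_loopback]
```

A non-empty result from `local_forwarders` means the client's queries go to a local daemon first, so the upstream servers and any validation behaviour are decided there rather than by the file.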



