On Mon, 28 Sep 2020, Michael Catanzaro wrote:
> Anyway, if you don't like this heuristic, we could decide to always delete /etc/resolv.conf.

You will break all software linked against libunbound that uses the ub_ctx_resolvconf() function. Most users of libunbound will use this, because firewalls might prevent UDP 53 packets going out from anything but the configured system resolver. It also then uses and gets use of the system's DNS cache.

> The only other alternative I can think of would be to leave it unchanged, such that upgraded systems don't get fully migrated to systemd-resolved, but that's not a good option.

I do not think systemd-resolved is ready for prime time, even unrelated to the specific split DNS and DNSSEC case. A number of bugs have been closed that affect DNS resolving despite DNS experts reporting this as violating RFC standards and breaking things. For example:

https://github.com/systemd/systemd/issues/8967

Not migrating everything to systemd-resolved per default would not be the worst solution.

Paul