Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 28, 2020 at 06:36:02PM +0200, Florian Weimer wrote:
> * Andrew Lutomirski:
> 
> > Paul may well have been mixing different things here, but I don't
> > think you answered the one that seems like the most severe problem:
> > systemd-resolved removed perfectly valid DNSSEC records that were
> > supplied by the upstream server.  One might reasonably debate whether
> > Fedora's default DNS resolver configuration should validate DNSSEC,
> > but I think it should honor the DO bit in client requests and return
> > DNSSEC data.
> 
> FWIW, this is <https://bugzilla.redhat.com/show_bug.cgi?id=1879028>.

In an ideal world, we would just implement this missing functionality.
It's definitely on the TODO list, and there has been some preparatory
work done, but so far nobody found the time. If this is judged necessary,
we'll raise the priority of that work. Nevertheless, I don't think it is
such high priority — the number of people using DNSSEC is not too large,
and they are generally power-users who understand how to specify a different
server. So while definitely annoying, I didn't consider this a deal-breaker.

Zbyszek
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux