Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Mon, Sep 28, 2020 at 11:19 AM PGNet Dev <pgnet.dev@xxxxxxxxx> wrote:
On 9/28/20 11:03 AM, Lennart Poettering wrote:
> I have the strong suspicion that the same people who are
> able to deploy working DNSSEC client side and are educated enough in
> DNSSEC to know what that even means are also capable of replacing that
> one symlink in /etc.

i'll start with:  i'm generally a huge use-systemd-*-whenever-possible bigot.  aka, NOT an anti-systemd'er.

but, this^ comment, though likely _true_, causes concern for those of us out here, in the peanut gallery.

<peanut-gallery hat>on</peanut-gallery hat>

as Paul Wouters has repeatedly pointed out ... others' use cases are not mine.

and statements such as "It's easy to do using resolvectl" make me ... antsy.

forcing use of, or switching by (coming) default, to solutions that cause significant breakage to working systems, is bad news. whether or not that breakage can be 'easily' worked around.

easy != zero effort / zero cost.

my typical 'small-office install' includes local split-horizon bind9 implementation, as well as instances of both NSD4/Unbound, multiple VPN links, and varied routing for IPv4 & IPv6 dns queries, as well as general & specific traffic.  internal services/capabilities include mail, DNSSEC and instances of secure DNS (DoT/DoH), geoIP, etc etc.

'large-office' installs are correspondingly _more_ 'convoluted'.

that said, it all works.  well.

(my) users see/use a static /etc/resolv.conf, with, generally, a single nameserver entry.

recent experiments (on F32, admittedly -- *not* yet F33) with NetworkManager &/or systemd-resolved here were nightmarish; a seemingly endless array of 'gotchas' ...

after trying, and failing, to chase down & completely resolve all the problems, the functional solution i landed on was

 (1) disable NetworkManager everywhere (yes, causes some current pain with laptops)

I would have expected NetworkManager to handle this kind of setup just fine.  What went wrong?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux