On Di, 29.09.20 13:47, Björn Persson (Bjorn@rombobjörn.se) wrote: > Lennart Poettering wrote: > > On Mo, 28.09.20 22:54, Björn Persson (Bjorn@rombobjörn.se) wrote: > > > > > It can work in company-scope if the company has competent network > > > admins. My local DNS server at home resolves local hostnames to private > > > IPv4 addresses in the 192.168/16 block. Clients on the Internet see > > > another view. Both views are DNSsec-signed, and validation works fine. > > > There's no reason why this setup wouldn't work on a corporate network. > > > The key is to use a domain that is actually registered to the company, > > > not some made-up TLD like "internal" or whatever the incompetent > > > network admins come up with. > > > > You never take your laptop outside to a cafe or so? You never > > connected it to something that is not your home or office network? > > A cafe is company-scope? I'm not sure whether that counts as moving the > goalposts or changing the subject, but neither is a constructive way to > discuss a technical topic. I am just saying: Fedora cannot be focussed on just working for people who have a competent company admin and use their laptops in company networks only. We must have something that works well in company networks, as in home networks as in cafe wifis and suchlike. Client-side DNSSEC only works in a subset of the "competent network admin" scenario, but not in the cafe wifi scenario or the home lan scenario. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx