On Thu, 8 Oct 2020, Petr Menšík wrote:
> I would like to request pausing any new systemd-resolved features system-wide, until its current bugs and deficiencies are resolved sufficiently.
I agree for two reasons. One, the FESCO decision to postpone making systemd-resolved the default resolver. I would like to ensure this change happens properly and securely for f34. I am still trying to use this setup on my f33 with DNSSEC enabled for systemd-resolved, and do still seem to have issues that I'm going through to see if these are related to DNS or not. I feel we should have this working solidly first, before we are adding more options and features into the mix.

Second, we really need any DNS-over-TLS to not break DNSSEC. If we are going to outsource validation to a remote endpoint via DNS-over-TLS, instead of using the local resolver or the local ISP resolver, then data authenticity becomes even more important. And DNS-over-TLS only provides transport security, not data origin authenticity.

Paul