Re: systemd-resolved fallback DNS servers: usability vs. GDPR

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 24 Feb 2021, Colin Walters wrote:


It's trickier than that because local caching nameservers can provide real benefits in various server scenarios, and also the IoT/edge case (as usual) blurs the traditional datacenter/mobile boundary.  (IoT can be servers with WiFi)

We ended up enabling resolved in FCOS, although it took a bit because it broke OpenShift, see:
https://github.com/openshift/okd-machine-os/pull/15
https://github.com/openshift/machine-config-operator/pull/2377
https://github.com/openshift/okd-machine-os/pull/47
etc.


It's hard to read through those. It's a big nest of issues, fixes and
reverts on adding/removing systemd-resolved. I couldn't figure out
the DNS setup based on these reports.


(It's really complex for OpenShift because we have a split between the host DNS and pod DNS which is served by CoreDNS, yet some cases span those, plus some on-premise installs differ from cloud/Iaas in this)


I'm confused here too, since AFAIK NM does not support tying queries for
certain domains to certain nameservers, and I was told that NM
configures DNS, not systemd-resolved, so how is that done in this case
then? For VPN, to support split-DNS you ran a full resolver like
unbound that has this support, and does not get configured through NM.

I guess I can't say more unless someone can point me to some
documentation on the DNS deployment details there. However, this
all changes nothing that different systems want to use different
DNS solutions, and making systemd-resolved part of the init package
so it is mandatory to install is not appropriate.

Paul
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux