Hello,
We reported issues with DNSSEC tools that stopped working when resolved was
enabled shortly before the f33 release. I admit I did not notice soon
enough, because I hadn't noticed how it behaves. We were promised a
quick fix back then. Since f33, systemd-resolved is installed by default
on Workstation and Server.
But the issue still remains unchanged in Fedora 37. Any attempt to use
DNSSEC without a manual change just fails. You can try delv from
bind-utils, unbound-host -rD from unbound or drill -S
src.fedoraproject.org from ldns-utils. They all fail on a default
installation. I have reported multiple bugs, which have remained in the NEW
state for years. I have also reported upstream issues, which are either
ignored or closed without a proper fix.
It stops all my attempts at getting DNSSEC more popular and used. It is
clearly not high on the systemd team's priority list. For years. It has caused
a regression without a proper fix.
I request changing the default resolv.conf back to the file generated by
Network Manager. We have the resolve nss plugin listed in
/etc/nsswitch.conf, so it would still cache all name requests from
glibc. But it would not interfere with DNS specialized tools in a weird
way, like LLMNR [1]. I don't think systemd-resolved provides any other
record types than reverse mapping or addresses. All that can be safely
provided via the resolve nss plugin, where it would not cause any
regressions. A minimal change would be using
/run/systemd/resolve/resolv.conf as the target of the current /etc/resolv.conf
symlink.
If systemd-resolved ever becomes capable as a good DNS cache, we can
return it to the domain port. I don't think it is ready for that.
Opinions?
Regards,
Petr
1. https://github.com/systemd/systemd/issues/23494
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
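
Added example (not part of the original message, and not Fedora or systemd code): a POSIX shell check that tells apart the two configurations the message contrasts, /etc/resolv.conf pointing at the systemd-resolved stub versus a file that lists the upstream servers, such as /run/systemd/resolve/resolv.conf. The function names are hypothetical, and 127.0.0.53 as the stub listener address is an assumption that the message does not state.

```shell
#!/bin/sh
# Added example: report which resolver DNS-specific tools (delv, drill,
# unbound-host) are pointed at by a given resolv.conf.
# Assumption: 127.0.0.53 is the systemd-resolved stub listener address.

STUB_ADDR=127.0.0.53

# Print one of: stub, upstream, mixed, empty, missing.
resolv_mode() {
    file=$1
    [ -r "$file" ] || { echo missing; return 0; }
    stub=0
    other=0
    # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
    while read -r key value _rest || [ -n "$key" ]; do
        if [ "$key" = nameserver ]; then
            if [ "$value" = "$STUB_ADDR" ]; then
                stub=$((stub + 1))
            else
                other=$((other + 1))
            fi
        fi
        key=    # never carry a stale key into the end-of-file check
    done < "$file"
    if [ "$stub" -gt 0 ] && [ "$other" -eq 0 ]; then echo stub
    elif [ "$stub" -gt 0 ]; then echo mixed
    elif [ "$other" -gt 0 ]; then echo upstream
    else echo empty
    fi
}

# Follow the symlink chain so the report names the generated file in use.
resolv_target() {
    readlink -f "$1" 2>/dev/null || echo "$1"
}

conf=${1:-/etc/resolv.conf}
printf '%s -> %s (%s)\n' "$conf" "$(resolv_target "$conf")" "$(resolv_mode "$conf")"
```

A result of `stub` means the tools named in the message send their queries to systemd-resolved; `upstream` means they query the listed servers directly.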