> On 04.06.2022 at 04:07, Petr Menšík <pemensik@xxxxxxxxxx> wrote:
>
> ...
> On 04. 06. 22 2:56, Michael Catanzaro wrote:
>>
>> Hi,
>>
>> ...
> I admit dnsmasq, which I maintain, has existing integration with NM, which can provide required functionality. It has its own set of problems, however; therefore I am not pushing it as a replacement in general.

Is there a list of said set of problems anywhere? Dnsmasq is currently the only tool that provides seamless split DNS in all (or at least very many) circumstances. So I'm going to change our Fedora Server documentation to recommend (and describe) setting up dnsmasq.

>> For servers, the opposite is generally true: DNSSEC is generally way more important than split DNS. Of course, there will be exceptions -- e.g. you're familiar with cases where DNSSEC is needed on desktops, and servers on some complex networks apparently really do require split DNS -- but it's true as a generalization. So if we are forced to choose between working split DNS vs. working DNSSEC, I would pick the split DNS for desktop editions, and DNSSEC for server editions. (On servers, the main benefit of systemd-resolved is the DNS cache.)
> Sure, I admit servers need DNSSEC more and are actually able to use it already. They also tend to use more advanced DNS caches more often.

That may be true for enterprise usage. For the large number of private standalone servers or SME servers, DNSSEC is not more important than for desktops. And split DNS is especially necessary when a server hosts libvirt/KVM VMs. In order to address its VMs (e.g. monitoring tools or forwarding services), the host must query the libvirt dnsmasq instance. This has been broken since F34/F35 with systemd-resolved. The only reliable way I know of is a second dnsmasq instance, most easily as an NM plugin.

So we need a way to configure DNS resolution based on custom needs in every single case, at least until systemd-resolved has resolved all the issues (it is a very nice and elegant solution, I think).

Wouldn't systemd-resolved being in an enabled or disabled state be a valid indicator of what a sysadmin wants to use, and of whether to replace a resolv.conf file with a symbolic link or vice versa?

--
Peter Boy
https://fedoraproject.org/wiki/User:Pboy
pboy@xxxxxxxxxxxxxxxxx
Timezone: CET (UTC+1) / CEST (UTC+2)
Fedora Server Edition Working Group member
Fedora docs team contributor
Java developer and enthusiast