On Wed, Dec 05, 2007 at 04:04:55PM -0500, Colin Walters wrote: > I think the solution is going to be to require the OS to have a caching > nameserver on localhost (i.e. /etc/resolv.conf is always 127.0.0.1), and > for NetworkManager to control that nameserver in some way. If BIND is > dropping support for configuring itself (i.e. it doesn't want to be a > usable caching nameserver for roaming laptops), then dnsmasq may be what > we need to use. > Main problem with dnsmasq is that it doesn't support DNSSEC (I read that it supports only forwarding DNSSEC queries). Only named as caching nameserver could validate DNSSEC queries (point me if I'm not correct). Many people think that DNSSEC is useless. If I compare plain DNS and DNSSEC it is something like rsh vs. ssh. I'm interested how many people think ssh is useless. Use dnsmasq will be good for now but in the end We have to implement dynamic forwarders into named or DNSSEC into other server. I've already started thread about this topic in BIND upstream so I think We will find good compromise and solve this problem. Adam -- Adam Tkac, Red Hat, Inc. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
