Hello,

We reported issues with DNSSEC tools, which stopped working when resolved was enabled, shortly before the f33 release. I admit I did not notice soon enough, because I hadn't noticed how it behaves. We were promised a quick fix back then. Since f33, systemd-resolved has been installed by default on Workstation and Server.

But the issue still remains unchanged in Fedora 37. Any attempt to use DNSSEC without a manual change just fails. You can try delv from bind-utils, unbound-host -rD from unbound or drill -S src.fedoraproject.org from ldns-utils. They all fail on a default installation. I have reported multiple bugs, which have remained in the NEW state for years. I have also reported upstream issues, which are either ignored or closed without a proper fix.

It stops all my attempts at getting DNSSEC more popular and used. It is clearly not high on the systemd team's priority list. For years. It has caused a regression without a proper fix.

I request to change the default resolv.conf back to the file generated by Network Manager. We have the resolve nss plugin listed in /etc/nsswitch.conf, so it would still cache all name requests from glibc. But it would not interfere with DNS specialized tools in a weird way, like LLMNR [1]. I don't think systemd-resolved provides any other record types than reverse mapping or addresses. All that can be safely provided via the resolve nss plugin, where it would not cause any regressions. A minimal change would be using /run/systemd/resolve/resolv.conf as the target of the current /etc/resolv.conf symlink.

If systemd-resolved ever becomes capable as a good DNS cache, we can return it back to the domain port. I don't think it is ready for that.

Opinions?

Regards,
Petr

1. https://github.com/systemd/systemd/issues/23494

--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
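
Added example, not part of the original message and not Fedora or systemd code: a shell check that reports whether a resolv.conf sends queries to the systemd-resolved stub listener or directly to upstream servers, the two configurations the message contrasts. The function names are hypothetical, and the stub addresses 127.0.0.53 and 127.0.0.54 are taken from systemd-resolved's documented defaults, not from the message.

```shell
#!/bin/sh
# Added example: classify a resolv.conf-format file by where it sends queries.
# Helper names are hypothetical; nothing here is taken from Fedora or systemd.

# Print every address that appears on a "nameserver" line of file $1.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print one word describing file $1:
#   stub    at least one nameserver is the systemd-resolved stub listener
#           (127.0.0.53 or 127.0.0.54, assumed from systemd-resolved defaults)
#   direct  nameservers are listed and none of them is the stub
#   empty   no nameserver line at all
classify_resolv_conf() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 1; }
    servers=$(list_nameservers "$file")
    [ -n "$servers" ] || { echo "empty"; return 0; }
    for ns in $servers; do
        case $ns in
            127.0.0.53|127.0.0.54) echo "stub"; return 0 ;;
        esac
    done
    echo "direct"
}

# Print the path, the file it resolves to through symlinks, and the class.
# Defaults to /etc/resolv.conf when no argument is given.
report() {
    path=${1:-/etc/resolv.conf}
    target=$(readlink -f "$path" 2>/dev/null || echo "$path")
    printf '%s -> %s: %s\n' "$path" "$target" "$(classify_resolv_conf "$path")"
}
```

Source the file and call `report` with no argument to check the live system; a result of `direct` with a target of /run/systemd/resolve/resolv.conf corresponds to the minimal change proposed in the message.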