On Mon, 2020-09-28 at 12:30 -0500, Michael Catanzaro wrote:
> On Mon, Sep 28, 2020 at 1:20 pm, Chuck Anderson <c...@alum.wpi.edu> 
> wrote:
> > I thought Fedora was supposed to be First?  How can it be if Fedora
> > chooses to use/configure software by default that is missing critical
> > DNSSEC functionality and breaks DNS standards?
> 
> Well, let's amend that to "first when it's smart to be first." We can't 
> ever *require* DNSSEC validation, because Windows and macOS are not 
> going to do so. They have to be first. I could just as well counter 
> with "How can Fedora be first if it refuses to implement split DNS 
> behavior by default that breaks user expectations and leaks queries to 
> unexpected networks?"

Requiring validation and *passing through* requests for DNSSEC records
are *entirely* different things.

> As for just passing along records, see Zbigniew's responses; it's 
> possible to do by default, just not a priority. This is really only 
> interesting for specialized applications like mail servers that live on 
> controlled networks where you know that DNSSEC is not broken, i.e. not 
> relevant for 99% of users. If you're running such applications, it's a 
> one-line change in resolved.conf to enable DNSSEC, not really a big 
> deal. It's annoying to have to edit an extra config file, yes, and we 
> should do better, but I don't think that should derail this change.

It is breaking working systems for people; at the very least it should
be very high in priority, not downplayed to irrelevance (as that is the
route for never fixing it, and having people always disable resolved as
a matter of fact).

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc


