On Thu, 10 Apr 2014, Billy Crook wrote:
I don't think pointing resolv.conf at 127.0.0.1 is the right answer for this. The functionality should be implemented as a 'hosts' service to be listed in nsswitch.conf between files and dns.
For security reasons, you really want resolv.conf to only point to 127.0.0.1. Otherwise applications cannot determine the security of the DNSSEC answers without doing full validation inside every application themselves. See recent discussions on the DANE mailinglist regarding the AD bit discussion: http://www.ietf.org/mail-archive/web/dane/current/maillist.html Paul -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
