On Fri, 2014-04-11 at 14:21 -0500, Dan Williams wrote:
> On Sat, 2014-04-12 at 02:33 +0800, P J P wrote:
> >   Hello,
> > 
> > > On Thursday, 10 April 2014 11:39 PM, P J P wrote:
> > > I plan to file a feature/change request for this one. I got caught up
> > > with other work this past week so could not do it. Will start with it
> > > right away.
> > 
> >   Please see -> 
> > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
> > 
> > It's a System Wide Change Proposal request up for review. 
> > 
> > I have set the target release as F22, because the proposal deadline for F21 
> > was 08 Apr 2014 [1]. Besides, this change would require significant work on 
> > the related packages like NetworkManager etc. So F22 seems safer.
> > 
> > In case you spot any discrepancies or have additional inputs or links to 
> > relevant documents etc. please feel free to update the wiki page or let me 
> > know and I'll add it there.
> 
> NM has had local caching nameserver capability built-in since Fedora 12
> or something like that.  Set 'dns=dnsmasq' in the [main] section
> of /etc/NetworkManager/NetworkManager.conf and NM will spawn dnsmasq in
> a local caching nameserver configuration and write 127.0.0.1 to
> resolv.conf.  NM will update that dnsmasq instance whenever your network
> configuration changes to ensure that dnsmasq has the latest nameservers.
> 
> It seems that 'unbound' is getting more love these days though, due to
> its DNSSEC capabilities, and there is not yet a NetworkManager DNS
> plugin for unbound/dnssec-trigger.  I know some people are working on
> that though (Thomas Hozza and Pavel Simerda) and I'd expect that to show
> up in the near future.
> 
> Note that hotspot detection is an important part of this, since hotspots
> will clearly break any kind of DNSSEC validation that happens, and
> that's something that's being worked out between dnssec-trigger and
> NetworkManager right now too.
> 
> NM in F20+ already has a "dns=none" option that prevents NM from
> touching resolv.conf, but obviously if NM isn't touching it, the DNS
> information that NM gets from upstream or your local configuration needs
> to get to the local caching nameserver somehow.  Which is what the
> existing NM DNS plugins are for, like the dnsmasq one.

"Add domain specific name server entries into local name server's
configuration file and ensure that applications are able to resolve
internal (company-wide) domain names too. (try connecting to company
mail/IRC server)"

We want to make sure that any local caching nameserver that we do use
doesn't rely exclusively on file-based configuration, or if it does,
it's able to re-read that configuration file using SIGHUP or some
seamless reload functionality.  It *must* also be able to load new
configuration without dropping in-process DNS queries on the floor,
otherwise users will experience hung DNS a non-trivial amount of the
time.

The better way is to add/remove zones + servers from dnsmasq over D-Bus,
which NM does not yet do since the patches are not yet upstream, or to
use some other socket-based protocol like unbound does with
dnssec-trigger.

Dan
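As an added illustration of the configuration Dan describes above (not code from the thread or from NetworkManager itself), the following Python script audits whether a host is actually routing DNS through the NM-managed local caching resolver: it reads the `dns=` key from the `[main]` section of a NetworkManager.conf-style text and cross-checks it against the `nameserver` lines of a resolv.conf-style text. The sample inputs are constructed; treating `::1` as local alongside `127.0.0.1`, and reporting an unset `dns=` key as "default", are assumptions made here.

```python
import configparser

# Constructed sample inputs, not captured from a real system.
NM_CONF_DNSMASQ = "[main]\nplugins=ifcfg-rh\ndns=dnsmasq\n"
NM_CONF_NONE = "[main]\ndns=none\n"
RESOLV_LOCAL = "# Generated by NetworkManager\nnameserver 127.0.0.1\n"
RESOLV_UPSTREAM = "nameserver 192.0.2.53\nsearch example.test\n"


def nm_dns_mode(nm_conf_text):
    """Return the dns= value from [main]; 'default' when the key is absent
    (assumption: NM then writes upstream servers straight into resolv.conf)."""
    parser = configparser.ConfigParser()
    parser.read_string(nm_conf_text)
    return parser.get("main", "dns", fallback="default")


def resolv_nameservers(resolv_text):
    """Collect the addresses from 'nameserver' lines, ignoring comments/other keys."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit(nm_conf_text, resolv_text):
    """Classify the setup as (mode, local_only, finding).

    local_only is True when every nameserver is a loopback address, i.e. all
    application lookups go through the local caching resolver."""
    mode = nm_dns_mode(nm_conf_text)
    servers = resolv_nameservers(resolv_text)
    local_only = bool(servers) and all(s in ("127.0.0.1", "::1") for s in servers)
    if mode == "dnsmasq":
        finding = "ok" if local_only else "dns=dnsmasq set but resolv.conf does not point at 127.0.0.1"
    elif mode == "none":
        finding = "NM leaves resolv.conf alone; upstream servers must reach the local resolver another way"
    else:
        finding = "no local caching resolver configured through NM"
    return mode, local_only, finding


if __name__ == "__main__":
    for conf, resolv in ((NM_CONF_DNSMASQ, RESOLV_LOCAL), (NM_CONF_DNSMASQ, RESOLV_UPSTREAM),
                         (NM_CONF_NONE, RESOLV_UPSTREAM), ("[main]\n", RESOLV_UPSTREAM)):
        print(audit(conf, resolv))
```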

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct