Hello,
> = Proposed System Wide Change: Default Local DNS Resolver =
> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
>
> Install a local DNS resolver trusted for the DNSSEC validation running on
> 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.
We’ve had earlier conversations about whether the resolver being used (local,
remote, container host) is trusted to perform DNSSEC validation. How is this
resolved? The Change page AFAICS doesn’t say.
Do you e.g. plan to have a configuration file which tells libc/and other
applications dealing with resolv.conf directly to know whether the resolver can
be trusted for DNSSEC? Or is perhaps the design that any resolver in
/etc/resolv.conf is always trusted for DNSSEC, and sysadmins need to ensure
that this is true if they use a remote one?
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
