Talk:Features/DNSSEC on workstations

From FedoraProject

Revision as of 06:04, 15 September 2010 by Pwouters (Talk | contribs)

Jump to: navigation, search

- Why is this a checkbox to enable, vs a checkbox to disable? User:notting

User:pwouters If this feature is moved to f15, I suggest a checkbox to disable as well. perhaps f14 can see an update with an enable box?

- I've heard that NM is planning on moving to dnsmasq as a local resolver in the future. This would conflict with that. User:notting

User:pwouters dnsmasq can interfere with the system easilly - currently I experience problems with dnsmasq stealing port 53 when used for KVM as dhcp server. There should definitely be a conversation with the NM people to see how to make things work. Moving to a non-DNSSEC caching local resolver seems to me to be a non-option at this time. Chaining might be an option. Also, unbound has various options to deal with changing ips and dhcp obtained caches (even when they include a mix of dnssec-capable and dnssec-incapable dns servers)