Networking/NameResolution/DNSSEC: Difference between revisions

Revision as of 14:56, 17 January 2014

Manual configuration via Unbound

TBD

Local zones

TBD

Global zone

TBD

Using dnssec-trigger (for testing only)

dnssec-trigger configures /etc/resolv.conf to use a local unbound instance on 127.0.0.1 and Unbound to use a secure global zone with nameservers submitted through dnssec-trigger-control or, if those aren't suitable, using public nameservers run by Fedora or the upstream project.

It also performs captive portal (hotspot) detection and temporarily changes /etc/resolv.conf to include the nameservers of the local network directly. That unfortunately breaks the local networking for all network interfaces including those that have nothing to do with the captive portal connection.

NetworkManager integration

TBD

@@ Line 13: / Line 13: @@
 == Using dnssec-trigger (for testing only) ==
-<code>dnssec-trigger<code> configures <code>/etc/resolv.conf</code> to use a local unbound instance on <code>127.0.0.1</code> and Unbound to use a secure global zone with nameservers submitted through <code>dnssec-trigger-control</code> or, if those aren't suitable, using public nameservers run by Fedora or the upstream project.
+<code>dnssec-trigger</code> configures <code>/etc/resolv.conf</code> to use a local unbound instance on <code>127.0.0.1</code> and Unbound to use a secure global zone with nameservers submitted through <code>dnssec-trigger-control</code> or, if those aren't suitable, using public nameservers run by Fedora or the upstream project.
 It also performs captive portal (hotspot) detection and temporarily changes <code>/etc/resolv.conf</code> to include the nameservers of the local network directly. That unfortunately '''breaks the local networking''' for all network interfaces including those that have nothing to do with the captive portal connection.

Search