Talk:Features/DNSSEC on workstations

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Created page with '- Why is this a checkbox to enable, vs a checkbox to disable? User:notting - I've heard that NM is planning on moving to dnsmasq as a local resolver in the future. This woul...')
 
Line 1: Line 1:
 
- Why is this a checkbox to enable, vs a checkbox to disable? [[User:notting]]
 
- Why is this a checkbox to enable, vs a checkbox to disable? [[User:notting]]
 +
 +
[[User:pwouters]] If this feature is moved to f15, I suggest a checkbox to disable as well. perhaps f14 can see an update with an enable box?
  
 
- I've heard that NM is planning on moving to dnsmasq as a local resolver in the future. This would conflict with that. [[User:notting]]
 
- I've heard that NM is planning on moving to dnsmasq as a local resolver in the future. This would conflict with that. [[User:notting]]
 +
 +
[[User:pwouters]] dnsmasq can interfere with the system easilly - currently I experience problems with dnsmasq stealing port 53 when used for KVM as dhcp server. There should definitely be a conversation with the NM people to see how to make things work. Moving to a non-DNSSEC caching local resolver seems to me to be a non-option at this time. Chaining might be an option. Also, unbound has various options to deal with changing ips and dhcp obtained caches (even when they include a mix of dnssec-capable and dnssec-incapable dns servers)

Revision as of 06:04, 15 September 2010

- Why is this a checkbox to enable, vs a checkbox to disable? User:notting

User:pwouters If this feature is moved to f15, I suggest a checkbox to disable as well. perhaps f14 can see an update with an enable box?

- I've heard that NM is planning on moving to dnsmasq as a local resolver in the future. This would conflict with that. User:notting

User:pwouters dnsmasq can interfere with the system easilly - currently I experience problems with dnsmasq stealing port 53 when used for KVM as dhcp server. There should definitely be a conversation with the NM people to see how to make things work. Moving to a non-DNSSEC caching local resolver seems to me to be a non-option at this time. Chaining might be an option. Also, unbound has various options to deal with changing ips and dhcp obtained caches (even when they include a mix of dnssec-capable and dnssec-incapable dns servers)