This is the mail archive of the
mailing list for the glibc project.
Re: [PING] Re: DNSSEC support in stub-resolver
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>
- Cc: Petr Spacek <pspacek at redhat dot com>, libc-alpha at sourceware dot org
- Date: Fri, 16 May 2014 11:44:23 +0200
- Subject: Re: [PING] Re: DNSSEC support in stub-resolver
- Authentication-results: sourceware.org; auth=none
- References: <535E41F5 dot 5020109 at redhat dot com> <20140428133201 dot GB24365 at domone dot podge> <5360BBBD dot 30901 at redhat dot com> <53737979 dot 9060006 at redhat dot com> <20140515213246 dot GA25777 at domone dot podge> <20140516005235 dot GA13048 at spoyarek dot pnq dot redhat dot com>
On Fri, May 16, 2014 at 06:22:35AM +0530, Siddhesh Poyarekar wrote:
> On Thu, May 15, 2014 at 11:32:46PM +0200, OndÅej BÃlka wrote:
> > I would start with simpler steps first, a huge patch for What about adding configure
> > option/env variable to only trust localhost resolvers.
> The localhost resolver must be implicitly trusted, so there's no point
> in adding an option to enable or disable that. Maybe you meant 'add
> an option to trust the configured resolvers'? Then that is
> essentially what Petr is proposing.
No, by default we trust everything. I proposed option to trust localhost
and distrust everything else. I do not see yet need for configure
options beyond that.