Re: resolv.conf format for DNSSEC [was: DNSSEC support in stub-resolver]

> On Fri, Jun 20, 2014 at 04:48:15PM +0200, Nikos Mavrogiannopoulos wrote:
> > Yes, but these options if overwritten do not cause resolving to fail. If
> > the DNSSEC settings are lost it means that every application that
> > depends on that will fail. That's a significant difference.
> Isn't that the feature?

I never associated denial of service with a feature. No, a denial of service for DNSSEC once you log in to a hotel or an airport, or when you connect to your VPN, isn't acceptable.

> > It may have been that resolv.conf's semantics are known to too many
> > people to change now.
> Agreed, but that does not preclude addition of an option in a manner
> that does not break backward compatibility.  In fact, adding another
> configuration file just for DNSSEC is just messy.

I also like clean solutions, when they work. At this moment we have a messy situation with /etc/resolv.conf and we need to extend it in a sensible way. Yes, if the situation were ideal the proposed solutions would be different, but we need to work with the current situation.


