Re: [RFC] support for trusted validating resolver configuration

[Petr Spacek <pspacek at redhat dot com>]

On 11.6.2015 16:28, Carlos O'Donell wrote:
> On 11/18/2014 07:40 AM, Pavel Simerda wrote:
>>  * A new file to look into for DNS configuration.
> 
> This is such a major disadvantage that I feel the proposal
> should be expanded to consider other alternatives that take
> into account whole-system integration issues e.g. local
> validating resolver, and how this will work with the variety
> of virtualization and isolation technology being employed
> today. What will network manager do? How do you define your
> policies?

Do I understand correctly that you are okay with the basic principle but the
configuration format should be improved?

The format and if it should be a separate file (or somewhere else) is
definitely an open question - ideas are more than welcome!

I'm happy to discuss this with all interested parties. Should we move
system-wide discussion to fedora-devel list?

Thank you for your answers!

Petr^2 Spacek

> I'm hesitant to commit to anything in glibc without seeing
> more discussions with Network Manager, dhcp, and the various
> other parts of a distribution stack that need to coordinate
> secure and trustworthy DNS support.
> 
> Cheers,
> Carlos.
> 
> Notes:
> - Public Fedora Bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1164339
> - Fedora discussion on local validating resolver:
> https://lists.fedoraproject.org/pipermail/devel/2015-June/210992.html