Control: severity -1 wishlist Control: tags -1 wontfix On Mon, 15 Aug 2022 06:15:01 +0000 andu232 <andu...@proton.me> wrote: > On Sunday, August 14th, 2022 at 8:50 PM, Michael Biebl bi...@debian.org wrote: > > > How does this setup look like? Appears quite exotic so it helps if you > > could explain it in more details how your system is configured. > > Before explaining how does it look like, I think it would be better to > make clear the reason for having another resolver. > > DNS over TLS and DNSSEC can be a good friend to someone who wants enhances > privacy and security, and always use DoT first, only falling back on failure > should be an ideal option, that systemd-resolved is not adequate for. > > If one would like to have DoT, DNSSEC, and fallback works with systemd-resolved, > he might want to append DoT upstreams to systemd-resolved with DHCP DNS > untouched, then switch on DNSSEC. Unfortunately, this won't work as expected, > the reasons are listed below.
Sorry, but such an exotic setup is really not something we want to support. The idea is to have a simple, robust and trivial setup, and the current approach provides that. If there are missing features in resolved, I recommend to provide PRs to implement them, or simply stick to whatever alternative works for you. -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
