On 9/29/20 10:05 PM, Michael Catanzaro wrote: > > > On Tue, Sep 29, 2020 at 4:28 pm, Petr Menšík <pemen...@redhat.com> wrote: >> nss-dns is allright. All you need to have is dns server with domain >> configurable servers. >> >> Those are: >> - unbound (with dnssec-trigger autoconfigured) >> - dnsmasq >> - systemd-resolved >> - probably knot-resolver >> - bind (not more difficult to reconfigure runtime) >> >> Maybe more. It is not about nss, because /etc/resolv.conf does not >> support any domain:server-ip tuples. It would work better with local >> cache. resolved is not the only possibility. Just use /etc/resolv.conf >> set to localhost and confi > > Great, that will work wonderfully for those of us who run our own DNS > server and configure it to split DNS as we prefer, and who never use > VPNs, and who own zero laptops. For the rest of the world, nss-dns is > not alright. Isn't the whole issue just to have that server configured correctly? Just omit manual configuration. VPNs are not solved only by resolved. dnssec-trigger solves it the same way. It needs only integration with NM.
systemd-resolved is also just dns server with few more options. Bundled into single package with more features, that might have been separate. I own a laptop, connect VPN everyday and it works just fine. Did you know dnsmasq can be configured in very similar way? I think systemd-resolved mixed too many bits together. > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
