On Mon, 2006-05-08 at 23:54 +0200, jth.net wrote:
> http://www.gnome.org/projects/NetworkManager/developers/design_goals.html
>
> "NetworkManager should not be doing things users don't expect."
>
> Nevertheless the installation in Fedora Core 5 destroyed my custom BIND
> installation by pulling it in as a prerequisite in spite of the fact that BIND
> was not installed according to the RPM base.
>
> Why a product like this needs a DNS server installed locally is beyond me.
And here's why: the glibc resolver and nscd aren't flexible enough to do split DNS and other fancy stuff. And the glibc guys (who also do nscd) have said that they are not going to add that fancy stuff either. Which is fine; but that means that you either (a) run a local caching nameserver, or (b) not use the fancy stuff.

The fancy stuff right now includes "split DNS" and is mainly for the VPN support. Here, _only_ queries for the domain that your VPN is for will go to the VPN's nameserver. All other queries will continue to go to your normal, non-VPN nameserver. glibc simply cannot do this.

The other problem is that more than a few applications out there don't expect the nameservers to change. Unfortunately, this happens _every time_ you switch networks, wireless or wired. The application must explicitly execute the res_init() function to re-read /etc/resolv.conf, otherwise they will not notice changes. This leads to applications that must be quit and re-launched before they can do anything after a network change has occurred. A local caching nameserver doesn't have this problem, since every application thinks the nameserver is 127.0.0.1, all the time.

Furthermore, if we're going to need a local caching nameserver, it might as well be one that's (a) well understood, (b) widely used, and (c) has fast response time to security issues.

More than that, the local copy of bind isn't even running with any ports open on any interface other than 127.0.0.1. Yes folks, that means that only processes on the _local_ machine can talk to the local caching nameserver. No other computer, even on your LAN, can talk to it because it's not serving on any interface other than "lo0".

As a side note, just don't run BIND if you hate it. Yes, there's the RPM dependency. But that's not likely to go away in Fedora soon. NM will dynamically switch between a running BIND and plain /etc/resolv.conf based on whether or not the 'named' process is running.
Dan

_______________________________________________
NetworkManager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list
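The res_init() point above is the one application authors most often get wrong: glibc reads /etc/resolv.conf once per process, so a long-running program keeps sending queries to the nameserver of the network it started on. The following is an added example (not code from the thread, NetworkManager or glibc) of the small amount of work an application needs to track the file and re-read it. Assumptions: Linux with glibc, a writable /tmp for the demonstration path, and the constructed resolv.conf bodies embedded in `demo_reload_cycle()`; the function names `resolver_refresh_if_changed` and `demo_reload_cycle` are the example's own. Note that glibc's res_init() always reads /etc/resolv.conf itself; the `path` argument is only what the example watches for changes, so a real program would pass "/etc/resolv.conf".

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <resolv.h>

/* Snapshot of the resolver configuration file as last seen by this process.
 * mtime plus size is a cheap change detector; a same-length rewrite inside
 * the same second would be missed, which is why the demo below varies the
 * content length between the two sample configurations. */
struct resolv_snapshot {
    int    valid;
    time_t mtime;
    off_t  size;
};

static struct resolv_snapshot g_snap;

/* Re-read resolver settings only when the watched file changed.
 * Returns 1 if res_init() was called, 0 if nothing changed, -1 on error.
 * Call this before each lookup (or from a periodic timer) so a long-running
 * process follows network switches instead of needing a restart. */
int resolver_refresh_if_changed(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;

    if (g_snap.valid && g_snap.mtime == st.st_mtime && g_snap.size == st.st_size)
        return 0;

    if (res_init() != 0)          /* glibc returns 0 on success */
        return -1;

    g_snap.valid = 1;
    g_snap.mtime = st.st_mtime;
    g_snap.size  = st.st_size;
    return 1;
}

/* Write a constructed resolv.conf body to `path` (sample data, not a real config). */
static int write_file(const char *path, const char *body)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    int ok = fputs(body, f) >= 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Demonstration cycle: first sight -> reload, unchanged -> no reload,
 * rewritten with different content -> reload again, unchanged -> no reload.
 * Returns 0 when every step behaved as expected, otherwise the number of
 * the step that failed. */
int demo_reload_cycle(const char *path)
{
    /* Constructed sample: the local-caching-nameserver configuration. */
    static const char before[] = "nameserver 127.0.0.1\nsearch example.test\n";
    /* Constructed sample: what a DHCP lease on another network might write. */
    static const char after[]  = "nameserver 192.0.2.53\nnameserver 192.0.2.54\n"
                                 "search corp.example.test\n";

    g_snap.valid = 0;
    if (write_file(path, before) != 0)           return 1;
    if (resolver_refresh_if_changed(path) != 1)  return 2;  /* first sight: reload */
    if (resolver_refresh_if_changed(path) != 0)  return 3;  /* unchanged: no reload */
    if (write_file(path, after) != 0)            return 4;
    if (resolver_refresh_if_changed(path) != 1)  return 5;  /* changed: reload */
    if (resolver_refresh_if_changed(path) != 0)  return 6;  /* unchanged again */
    remove(path);
    return 0;
}

int main(void)
{
    int rc = demo_reload_cycle("/tmp/resolv.conf.demo");
    if (rc == 0)
        printf("demo_reload_cycle: ok\n");
    else
        printf("demo_reload_cycle: failed at step %d\n", rc);
    return rc;
}
```

Compile with `cc -o resolv_reload resolv_reload.c` (older glibc may additionally need `-lresolv`). The cheap stat-based check is what makes the approach practical: res_init() itself is inexpensive, but calling it unconditionally before every lookup would re-parse the file each time, while checking mtime and size costs one system call. With a local caching nameserver as the mail describes, the file never changes and the application never needs any of this, which is exactly the argument being made.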
