On Thu, Apr 16, 2020 at 7:55 am, John M. Harris Jr
wrote:
Correcting what I said above, perhaps it'd be best to use what Lennart
mentions as "mode 1" of systemd-resolved, such that /etc/resolv.conf
is read,
while using nss-resolve.
If you want to do that, you can. You just need to make
* Lennart Poettering:
> On Do, 16.04.20 12:49, Florian Weimer (fwei...@redhat.com) wrote:
>
>> As explained elsewhere, NetworkManager-openvpn extracts the search list
>> from OpenVPN parameters, passes that to NetworkManager, which I expect
>> will pass ito to systemd-resolved in the future.
>>
On Thursday, April 16, 2020 7:41:07 AM MST John M. Harris Jr wrote:
> Really, it may be best to go about this in the same way as Ubuntu, with
> nss- dns instead of nss-resolve.. Editing /etc/resolv.conf is still
> commonly done on Fedora, especially on servers. In fact, I never knew that
>
On 4/15/20 17:06, James Cassell wrote:
> On Wed, Apr 15, 2020, at 1:27 PM, Daniel Walsh wrote:
>> On 4/15/20 10:07, Lennart Poettering wrote:
>>> On Di, 14.04.20 15:57, James Cassell (fedoraproj...@cyberpear.com) wrote:
>>>
On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
>
On Wednesday, April 15, 2020 6:34:56 AM MST Lennart Poettering wrote:
> On Di, 14.04.20 12:57, Kevin Fenzi (ke...@scrye.com) wrote:
>
>
> > Can you expand on what that means?
> >
> >
> >
> > Does it mean:
> >
> >
> >
> > a) systemd-resolved will use DNS over TLS if it detects that
> > the
On Thu, Apr 16, 2020 at 4:18 pm, Tomas Mraz wrote:
Trusted for what? I would expect corporate VPNs doing such tricks to
monitor the user's internet traffic. Which does not mean the user is
fully screwed with such VPN if he for example uses hardcoded
configuration of a caching nameserver.
In
On Tuesday, April 14, 2020 12:23:27 PM MST Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/systemd-resolved
>
> == Summary ==
>
> Enable systemd-resolved by default. glibc will perform name resolution
> using nss-resolve rather than nss-dns.
>
> == Owner ==
> * Name:
* Lennart Poettering:
> On Do, 16.04.20 12:53, Florian Weimer (fwei...@redhat.com) wrote:
>
>> > Meh. I mean /etc/resolv.conf here, of course, not /etc/nsswitch.conf.
>>
>> So if /etc/resolv.conf comes from somewhere else, then nss_resolve will
>> still forward queries to the daemon, which
On Wed, 2020-04-15 at 10:02 -0500, Michael Catanzaro wrote:
> On Wed, Apr 15, 2020 at 1:38 pm, Florian Weimer
> wrote:
> > Not sure if that's compatible with the new split DNS model because
> > VPN1
> > could simply start pushing longer names in the scope of VPN2, thus
> > hijacking internal
On Do, 16.04.20 12:53, Florian Weimer (fwei...@redhat.com) wrote:
> > Meh. I mean /etc/resolv.conf here, of course, not /etc/nsswitch.conf.
>
> So if /etc/resolv.conf comes from somewhere else, then nss_resolve will
> still forward queries to the daemon, which contacts the upstream server
> on
On Do, 16.04.20 15:26, Florian Weimer (fwei...@redhat.com) wrote:
> If /etc/resolv.conf is a regular file, will systemd-resolved deactivate
> itself? Or use the name server configuration found there instead?
It will use it.
It's smart on this: if it finds a symlink there that points to one of
On Do, 16.04.20 12:46, Florian Weimer (fwei...@redhat.com) wrote:
> * Lennart Poettering:
>
> > Long story short: if you experienced issues with DNSSEC on with
> > resolved today, then be assured that with DNSSEC off things are much
> > much better, and that's how we'd ship it in Fedora if it
On Thu, Apr 16, 2020, at 9:26 AM, Florian Weimer wrote:
> * Zbigniew Jędrzejewski-Szmek:
>
> > On Thu, Apr 16, 2020 at 12:53:48PM +0200, Florian Weimer wrote:
> >> * Lennart Poettering:
> >>
> >> > On Mi, 15.04.20 16:30, Lennart Poettering (mzerq...@0pointer.de) wrote:
> >> >
> >> >> On Mi,
On Do, 16.04.20 12:49, Florian Weimer (fwei...@redhat.com) wrote:
> As explained elsewhere, NetworkManager-openvpn extracts the search list
> from OpenVPN parameters, passes that to NetworkManager, which I expect
> will pass ito to systemd-resolved in the future.
>
> >> Ugh. That will have to be
* Zbigniew Jędrzejewski-Szmek:
> On Thu, Apr 16, 2020 at 12:53:48PM +0200, Florian Weimer wrote:
>> * Lennart Poettering:
>>
>> > On Mi, 15.04.20 16:30, Lennart Poettering (mzerq...@0pointer.de) wrote:
>> >
>> >> On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote:
>> >>
>> >> > *
On Mi, 15.04.20 13:27, Daniel J Walsh (dwa...@redhat.com) wrote:
> > If a container manager copies in /etc/resolv.conf from the host into
> > the container on container *start*, it might be wise to copy in
> > /run/systemd/resolve/resolv.conf instead of /etc/resolv.conf, if it
> > exists. That
On Mi, 15.04.20 07:10, Pavel Raiskup (prais...@redhat.com) wrote:
> On Tuesday, April 14, 2020 9:23:27 PM CEST Ben Cotton wrote:
> > https://fedoraproject.org/wiki/Changes/systemd-resolved
> >
> > == Summary ==
> >
> > Enable systemd-resolved by default. ...
>
> We had serious headaches because
On Thu, Apr 16, 2020 at 12:53:48PM +0200, Florian Weimer wrote:
> * Lennart Poettering:
>
> > On Mi, 15.04.20 16:30, Lennart Poettering (mzerq...@0pointer.de) wrote:
> >
> >> On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote:
> >>
> >> > * Lennart Poettering:
> >> >
> >> > > 1. If
On 16/04/2020 11:46, Florian Weimer wrote:
* Lennart Poettering:
Long story short: if you experienced issues with DNSSEC on with
resolved today, then be assured that with DNSSEC off things are much
much better, and that's how we'd ship it in Fedora if it becomes the
default.
Would you please
* Lennart Poettering:
> On Mi, 15.04.20 16:30, Lennart Poettering (mzerq...@0pointer.de) wrote:
>
>> On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote:
>>
>> > * Lennart Poettering:
>> >
>> > > 1. If /etc/resolv.conf is a regular file, resolved will *consume* it
>> > >for DNS
* Michael Catanzaro:
> On Wed, Apr 15, 2020 at 10:48 am, Florian Weimer
> wrote:
>> The second Kubernetes issue I worry about [1] is that the CoreDNS name
>> server is installed first, and it does additional rule-based
>> processing
>> for in-cluster names. External DNS servers are listed
* Lennart Poettering:
> Long story short: if you experienced issues with DNSSEC on with
> resolved today, then be assured that with DNSSEC off things are much
> much better, and that's how we'd ship it in Fedora if it becomes the
> default.
Would you please clarify what switching DNSSEC off
On Wed, Apr 15, 2020, at 1:27 PM, Daniel Walsh wrote:
> On 4/15/20 10:07, Lennart Poettering wrote:
> > On Di, 14.04.20 15:57, James Cassell (fedoraproj...@cyberpear.com) wrote:
> >
> >> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
> >>>
On Wed, Apr 15, 2020 at 12:05:40PM -0500, Michael Catanzaro wrote:
> On Wed, Apr 15, 2020 at 4:33 pm, Zbigniew Jędrzejewski-Szmek
> wrote:
> >https://github.com/systemd/systemd/pull/15437
>
> To change this for existing Fedora systems is going to require some
> scriptlet hackery... somewhere
On Wed, 15 Apr 2020 15:46:02 +0200
Lennart Poettering wrote:
> resolved has three modes:
[Snipped for brevity.]
Thanks. Saved for future reference.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to
On 4/15/20 10:07, Lennart Poettering wrote:
> On Di, 14.04.20 15:57, James Cassell (fedoraproj...@cyberpear.com) wrote:
>
>> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
>>> https://fedoraproject.org/wiki/Changes/systemd-resolved
>>>
>>> == Summary ==
>>>
>>> Enable systemd-resolved by
On Wed, Apr 15, 2020 at 4:33 pm, Zbigniew Jędrzejewski-Szmek
wrote:
https://github.com/systemd/systemd/pull/15437
To change this for existing Fedora systems is going to require some
scriptlet hackery... somewhere (systemd package, maybe?).
___
On Wed, Apr 15, 2020 at 10:02:17AM -0500, Michael Catanzaro wrote:
> On Wed, Apr 15, 2020 at 4:12 pm, Lennart Poettering
> wrote:
> >The suggested line in nsswitch.conf is:
> >
> >hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
>
> My plan is to use:
>
> hosts: files
On Mi, 15.04.20 10:48, Florian Weimer (fwei...@redhat.com) wrote:
> > As I understand the terminology the "stub resolver" in systemd-resolved
> > refers to the thing that listens on 127.0.0.53 and that won't do
> > anything clever with single label queries because it will expect
> > it is
* Michael Catanzaro:
> On Wed, Apr 15, 2020 at 9:36 am, Florian Weimer
> wrote:
>> And we really need to move /etc/nsswitch.conf out of glibc. We spend
>> some time on maintaining that file, when in fact it doesn't matter
>> because too many scriptlets and programs patch it.
>
> Moving it to
* Lennart Poettering:
> On Mi, 15.04.20 10:09, Michael Catanzaro (mcatanz...@gnome.org) wrote:
>
>> You're right that continuing to use nss-dns would avoid any such problems
>> while maintaining the other benefits of systemd-resolved. That could be a
>> fallback plan if needed.
>
> So, it is my
On Mi, 15.04.20 10:53, Florian Weimer (fwei...@redhat.com) wrote:
> Thanks. Does this mean that no search list processing happens, for
> neither single-label names (per for the first paragraph), nor for
> multi-label names (per the routing description)? Or is this process
> described in some
On Wed, Apr 15, 2020 at 5:06 pm, Lennart Poettering
wrote:
If RH VPN configures "redhat.com" as search domain for their VPN then
this means all redhat.com traffic is automatically pulled over to the
VPN and will not be routed elsewhere anymore.
In particular: current behavior is that
On Mi, 15.04.20 09:29, Fedora Development ML (devel@lists.fedoraproject.org)
wrote:
> > Most Kubernetes/OKD clusters assume that both single-label and
> > multi-label query names are forwarded over DNS (contrary to ICANN
> > recommendations), and that DNS servers are processed in listed order
On Mi, 15.04.20 10:09, Michael Catanzaro (mcatanz...@gnome.org) wrote:
> You're right that continuing to use nss-dns would avoid any such problems
> while maintaining the other benefits of systemd-resolved. That could be a
> fallback plan if needed.
So, it is my understanding that containers as
On Wed, Apr 15, 2020 at 10:09 am, Michael Catanzaro
wrote:
Hm, it sounds like this is the main outstanding issue from this
discussion. It is beyond my expertise. I guess we'll need a bug
report where the relevant experts can figure out whether we need to
change Kubernetes or systemd here.
On Wed, Apr 15, 2020 at 10:08 am, Florian Weimer
wrote:
* Ben Cotton:
Enable systemd-resolved by default. glibc will perform name
resolution
using nss-resolve rather than nss-dns.
Is this intended for Fedora Server and others as well, or just
Workstation? I assume it's for everywhere.
On Mi, 15.04.20 10:02, Michael Catanzaro (mcatanz...@gnome.org) wrote:
>
> On Wed, Apr 15, 2020 at 9:36 am, Florian Weimer wrote:
> > And we really need to move /etc/nsswitch.conf out of glibc. We spend
> > some time on maintaining that file, when in fact it doesn't matter
> > because too many
On Mi, 15.04.20 10:08, Florian Weimer (fwei...@redhat.com) wrote:
> > systemd-resolved has been enabled by default in Ubuntu since Ubuntu
> > 16.10, but please note we are doing this differently than Ubuntu has.
> > Ubuntu does not use nss-resolve. Instead, Ubuntu uses the traditional
> > nss-dns
On Wed, Apr 15, 2020 at 10:48 am, Florian Weimer
wrote:
The second Kubernetes issue I worry about [1] is that the CoreDNS name
server is installed first, and it does additional rule-based
processing
for in-cluster names. External DNS servers are listed later.
Parallel
queries and random
On Wed, Apr 15, 2020 at 4:12 pm, Lennart Poettering
wrote:
The suggested line in nsswitch.conf is:
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
My plan is to use:
hosts: files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return]
dns myhostname
Apparently
On Wed, Apr 15, 2020 at 1:38 pm, Florian Weimer
wrote:
Not sure if that's compatible with the new split DNS model because
VPN1
could simply start pushing longer names in the scope of VPN2, thus
hijacking internal traffic there (and this sort of hijacking is
exactly
what a DNS sinkhole
On Wed, Apr 15, 2020 at 9:36 am, Florian Weimer
wrote:
And we really need to move /etc/nsswitch.conf out of glibc. We spend
some time on maintaining that file, when in fact it doesn't matter
because too many scriptlets and programs patch it.
Moving it to authselect might be sensible.
BTW:
On Mi, 15.04.20 16:30, Lennart Poettering (mzerq...@0pointer.de) wrote:
> On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote:
>
> > * Lennart Poettering:
> >
> > > 1. If /etc/resolv.conf is a regular file, resolved will *consume* it
> > >for DNS configuration, and never change
On Mi, 15.04.20 16:27, Florian Weimer (fwei...@redhat.com) wrote:
> > That said, resolved has a bus API for resolving hosts too, which gives
> > a bit richer an API to do things, instead of using
> > gethostbyname(). resolved parses and caches /etc/hosts for that
> > natively, so that we can
On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote:
> * Lennart Poettering:
>
> > 1. If /etc/resolv.conf is a regular file, resolved will *consume* it
> >for DNS configuration, and never change it or modify it or replace
> >it. If this mode is selected arbitrary other
On Mi, 15.04.20 09:01, Daniel J Walsh (dwa...@redhat.com) wrote:
> > I didn't consider cases where systemd is not running because Fedora
> > hasn't supported booting without systemd in about a decade. But I
> > guess the problem here is for containers where systemd is not running
> > inside the
* Lennart Poettering:
> On Mi, 15.04.20 09:36, Florian Weimer (fwei...@redhat.com) wrote:
>
>> * Michael Catanzaro:
>>
>> > On Tue, Apr 14, 2020 at 8:48 pm, Zbigniew Jędrzejewski-Szmek
>> > wrote:
>> >> I guess the lesson here is the nsswitch.conf change should be
>> >> clarified in the
On Mi, 15.04.20 09:36, Florian Weimer (fwei...@redhat.com) wrote:
> * Michael Catanzaro:
>
> > On Tue, Apr 14, 2020 at 8:48 pm, Zbigniew Jędrzejewski-Szmek
> > wrote:
> >> I guess the lesson here is the nsswitch.conf change should be
> >> clarified in the proposal.
> >
> > OK, I've just added it
On Di, 14.04.20 15:57, James Cassell (fedoraproj...@cyberpear.com) wrote:
>
> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
> > https://fedoraproject.org/wiki/Changes/systemd-resolved
> >
> > == Summary ==
> >
> > Enable systemd-resolved by default. glibc will perform name resolution
> >
On Mi, 15.04.20 11:14, Fedora Development ML (devel@lists.fedoraproject.org)
wrote:
> On 14.04.2020 21:23, Ben Cotton wrote:
> > Enable systemd-resolved by default. glibc will perform name resolution
> > using nss-resolve rather than nss-dns.
>
> I've tested systemd-resolved on my laptop for a
* Lennart Poettering:
> 1. If /etc/resolv.conf is a regular file, resolved will *consume* it
>for DNS configuration, and never change it or modify it or replace
>it. If this mode is selected arbitrary other programs that do DNS
>will talk directly to the provided DNS servers, and
On Di, 14.04.20 15:52, Fedora Development ML (devel@lists.fedoraproject.org)
wrote:
> On Tue, 14 Apr 2020 16:18:02 -0500
> Michael Catanzaro wrote:
>
> > NetworkManager has three DNS backends: default (nss-dns, what we use
> > currently), dnsmasq, and systemd-resolved. The default backend just
On Di, 14.04.20 12:57, Kevin Fenzi (ke...@scrye.com) wrote:
> Can you expand on what that means?
>
> Does it mean:
>
> a) systemd-resolved will use DNS over TLS if it detects that
> the nameservers it is querying can do so (ie, it would do a query to
> port 853 of the nameservers dhcp or static
On 4/14/20 17:26, Michael Catanzaro wrote:
> On Tue, Apr 14, 2020 at 8:48 pm, Zbigniew Jędrzejewski-Szmek
> wrote:
>> I guess the lesson here is the nsswitch.conf change should be
>> clarified in the proposal.
>
> OK, I've just added it at the end of this part here:
>
> "systemd-libs currently
On Wed, Apr 15, 2020 at 5:31 AM Tom Hughes via devel
wrote:
>
> On 15/04/2020 10:14, Vitaly Zaitsev via devel wrote:
> > On 14.04.2020 21:23, Ben Cotton wrote:
> >> Enable systemd-resolved by default. glibc will perform name resolution
> >> using nss-resolve rather than nss-dns.
> >
> > I've
* Tom Hughes:
> I'm not sure OpenVPN itself has any way to do DNS setup automatically
> on linux but the NetworkManager integration might, I don't use that
> though.
Yes, the NetworkManager integration seems to mirror what happens on
Windows, by looking at the foreign_option_* environment
On 15/04/2020 10:14, Vitaly Zaitsev via devel wrote:
On 14.04.2020 21:23, Ben Cotton wrote:
Enable systemd-resolved by default. glibc will perform name resolution
using nss-resolve rather than nss-dns.
I've tested systemd-resolved on my laptop for a month. It worked very,
very unstable.
On 14.04.2020 21:23, Ben Cotton wrote:
> Enable systemd-resolved by default. glibc will perform name resolution
> using nss-resolve rather than nss-dns.
I've tested systemd-resolved on my laptop for a month. It worked very,
very unstable. Sometimes it stopped responding and I needed to manually
On 15/04/2020 09:48, Florian Weimer wrote:
>>> Is this expected to work with the Red Hat VPN out of the box, or do we
>>> have to disable all this and use a custom configuration? Has this been
>>> discussed with Infosec? It looks like this will break their DNS
>>> sinkholing for domains such as
On 15/04/2020 09:53, Florian Weimer wrote:
> Thanks. Does this mean that no search list processing happens, for
> neither single-label names (per for the first paragraph), nor for
> multi-label names (per the routing description)? Or is this process
> described in some other context?
That text
* Tom Hughes:
>· Single-label names are routed to all local interfaces capable of IP
>multicasting, using the LLMNR protocol. Lookups for IPv4 addresses
>are only sent via LLMNR on IPv4, and lookups for IPv6 addresses are
>only sent via LLMNR on IPv6.
* Tom Hughes:
> On 15/04/2020 09:08, Florian Weimer wrote:
>
>> I cannot find documentation of the systemd stub resolver behavior: how
>> it handles search list processing, and how it decides which upstream
>> name servers to query.
>
> As I understand the terminology the "stub resolver" in
On 15/04/2020 09:29, Tom Hughes via devel wrote:
> I'm not sure what happens if there are multiple interfaces with
> no specific routing but I think it may try them all?
Found the documentation now - it does try them all. Full details
from systemd-resolved(8) are:
Lookup requests are
On 15/04/2020 09:08, Florian Weimer wrote:
I cannot find documentation of the systemd stub resolver behavior: how
it handles search list processing, and how it decides which upstream
name servers to query.
As I understand the terminology the "stub resolver" in systemd-resolved
refers to the
* Ben Cotton:
> Enable systemd-resolved by default. glibc will perform name resolution
> using nss-resolve rather than nss-dns.
Is this intended for Fedora Server and others as well, or just
Workstation? I assume it's for everywhere.
> systemd-resolved has been enabled by default in Ubuntu
* Michael Catanzaro:
> On Tue, Apr 14, 2020 at 8:48 pm, Zbigniew Jędrzejewski-Szmek
> wrote:
>> I guess the lesson here is the nsswitch.conf change should be
>> clarified in the proposal.
>
> OK, I've just added it at the end of this part here:
>
> "systemd-libs currently has
>
On Wed, Apr 15, 2020 at 07:42:12AM +0200, Zdenek Dohnal wrote:
> On 4/14/20 9:23 PM, Ben Cotton wrote:
> > === Multicast DNS ===
> >
> > systemd-resolved's multicast DNS support conflicts with Avahi. Per
> > recommendation from the systemd developers, we will change the default
> > value of this
On 4/14/20 9:23 PM, Ben Cotton wrote:
> === Multicast DNS ===
>
> systemd-resolved's multicast DNS support conflicts with Avahi. Per
> recommendation from the systemd developers, we will change the default
> value of this setting in Fedora from the upstream default
> `MulticastDNS=yes` to
On Tuesday, April 14, 2020 9:23:27 PM CEST Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/systemd-resolved
>
> == Summary ==
>
> Enable systemd-resolved by default. ...
We had serious headaches because racy systemd-resolved got enabled for
some unknown reasons on copr builders
On Tue, 14 Apr 2020 18:39:05 -0500
Michael Catanzaro wrote:
> On Tue, Apr 14, 2020 at 3:52 pm, stan via devel
> wrote:
> > Will the ability to turn off NetworkManager involvement in DNS in
> > the configuration file (None) still remain? I use a local caching
> > DNS server, and had to do that
On Tue, Apr 14, 2020 at 3:52 pm, stan via devel
wrote:
Will the ability to turn off NetworkManager involvement in DNS in the
configuration file (None) still remain? I use a local caching DNS
server, and had to do that in order to allow it to run without
interference / override by
On Tue, 14 Apr 2020 15:52:55 -0700
stan via devel wrote:
> On Tue, 14 Apr 2020 16:18:02 -0500
> Michael Catanzaro wrote:
>
> > NetworkManager has three DNS backends: default (nss-dns, what we
> > use currently), dnsmasq, and systemd-resolved. The default backend
> > just does the wrong thing
On Tue, 14 Apr 2020 16:18:02 -0500
Michael Catanzaro wrote:
> NetworkManager has three DNS backends: default (nss-dns, what we use
> currently), dnsmasq, and systemd-resolved. The default backend just
> does the wrong thing and cannot be fixed. When either dnsmasq or
> systemd-resolved is in
On Tue, Apr 14, 2020 at 8:48 pm, Zbigniew Jędrzejewski-Szmek
wrote:
I guess the lesson here is the nsswitch.conf change should be
clarified in the proposal.
OK, I've just added it at the end of this part here:
"systemd-libs currently has
On Tue, 2020-04-14 at 16:18 -0500, Michael Catanzaro wrote:
> On Tue, Apr 14, 2020 at 12:45 pm, Adam Williamson
> wrote:
> > Doesn't NetworkManager already broadly address both of these on all
> > installations where it's used (which is all Fedora installs by
> > default)?
>
> I don't think so,
On Tue, Apr 14, 2020 at 12:45 pm, Adam Williamson
wrote:
Doesn't NetworkManager already broadly address both of these on all
installations where it's used (which is all Fedora installs by
default)?
I don't think so, no.
As far as I know, NetworkManager does not have a DNS cache. The only
On Tue, Apr 14, 2020 at 12:57 pm, Kevin Fenzi wrote:
Can you expand on what that means?
Does it mean:
a) systemd-resolved will use DNS over TLS if it detects that
the nameservers it is querying can do so (ie, it would do a query to
port 853 of the nameservers dhcp or static config gave it)
On Tue, Apr 14, 2020 at 03:57:50PM -0400, James Cassell wrote:
>
> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
> > https://fedoraproject.org/wiki/Changes/systemd-resolved
> >
> > == Summary ==
> >
> > Enable systemd-resolved by default. glibc will perform name resolution
> > using
On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/systemd-resolved
>
> == Summary ==
>
> Enable systemd-resolved by default. glibc will perform name resolution
> using nss-resolve rather than nss-dns.
>
> == Owner ==
> * Name: [[User:catanzaro|
On Tue, Apr 14, 2020 at 02:40:08PM -0500, Michael Catanzaro wrote:
> On Tue, Apr 14, 2020 at 2:33 pm, Michael Cronenworth
> wrote:
> > Why wait?
> >
> > This is something I've been interested in and was interested in
> > implementing in Fedora.
>
> Caution mainly, so that we only make one major
On Tue, 2020-04-14 at 15:23 -0400, Ben Cotton wrote:
>
> === Caching ===
>
> systemd-resolved caches DNS queries for a short while. This can
> [https://gitlab.gnome.org/GNOME/glib/-/merge_requests/682#note_441846
> dramatically] improve performance for applications that do not already
>
On Tue, Apr 14, 2020 at 2:33 pm, Michael Cronenworth
wrote:
Why wait?
This is something I've been interested in and was interested in
implementing in Fedora.
Caution mainly, so that we only make one major change at a time instead
of two. The goal is to do this without generating too many
On 4/14/20 2:23 PM, Ben Cotton wrote:
=== DNS over TLS ===
systemd-resolved supports DNS over TLS (different from DNS over
HTTPS). Although this feature will not initially be enabled by
default, using systemd-resolved will enable us to turn on DNS over TLS
in a future Fedora release, providing
https://fedoraproject.org/wiki/Changes/systemd-resolved
== Summary ==
Enable systemd-resolved by default. glibc will perform name resolution
using nss-resolve rather than nss-dns.
== Owner ==
* Name: [[User:catanzaro| Michael Catanzaro]]
* Email:
== Detailed Description ==
We will enable
https://fedoraproject.org/wiki/Changes/systemd-resolved
== Summary ==
Enable systemd-resolved by default. glibc will perform name resolution
using nss-resolve rather than nss-dns.
== Owner ==
* Name: [[User:catanzaro| Michael Catanzaro]]
* Email:
== Detailed Description ==
We will enable
301 - 386 of 386 matches
Mail list logo