Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

FESCo's approval[1] of this proposal was contingent on splitting it into two phases. For Fedora 34, nscd will be deprecated[2]. For Fedora 35, nscd will be removed[3]. [1] https://pagure.io/fesco/issue/2501#comment-704653 [2] https://fedoraproject.org/wiki/Changes/DeprecateNSCD [3]

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

FESCo's approval[1] of this proposal was contingent on splitting it into two phases. For Fedora 34, nscd will be deprecated[2]. For Fedora 35, nscd will be removed[3]. [1] https://pagure.io/fesco/issue/2501#comment-704653 [2] https://fedoraproject.org/wiki/Changes/DeprecateNSCD [3]

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Marius Schwarz: > It not only caches names, it also RANDOMIZES the requests to the dns > servers configured, increasing the privacy of ones internet journey. > That it does it, was the reason i tried it out at home ;) Let me repeat then, less politely: It does not do any such thing. You

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 11/17/20 10:12 AM, Lennart Poettering wrote: > On Mo, 16.11.20 21:48, Petr Menšík (pemen...@redhat.com) wrote: > >> But it does not have to learn everything about a server, because it >> switched the active one. If it has to, try to find way to store server >> instance features per server

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 11/17/20 4:24 AM, Lennart Poettering wrote: dig @9.9.9.9 +nsid heise.de FWIW, a neat way to look at differences like that is     watch -d dig @9.9.9.9 +nsid heise.de I use it often for looking at hotplugs (watch -d lsusb) etc. ___ devel

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On So, 15.11.20 18:25, Chris Adams (li...@cmadams.net) wrote: > Once upon a time, Stephen John Smoogen said: > > Because a lot of networks use routing tricks to send traffic to particular > > DNS server IP addresses. They may round robin, traffic route, or other > > methods to send you to

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On So, 15.11.20 15:36, Samuel Sieb (sam...@sieb.net) wrote: > On 11/15/20 7:31 AM, Lennart Poettering wrote: > > Implementing this does not come without drawbacks though: right now > > resolved tries hard to use the same server if at all possible, since > > we want to use newer DNS features if

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Mo, 16.11.20 21:48, Petr Menšík (pemen...@redhat.com) wrote: > But it does not have to learn everything about a server, because it > switched the active one. If it has to, try to find way to store server > instance features per server IP, not per link. We do exactly this. But we also have a

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Thu, 2020-11-05 at 07:58 -0500, Nico Kadel-Garcia wrote: > On Thu, Nov 5, 2020 at 6:39 AM Petr Menšík wrote: > > No, no, NO again. > > > > nscd has no important active bugs in Fedora. I am not sure what bugs are > > mentioned, but just a few active bugs are on glibc component in Fedora. > >

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 11/15/20 4:31 PM, Lennart Poettering wrote: > On So, 15.11.20 10:18, Marius Schwarz (fedora...@cloud-foo.de) wrote: > >> Am 11.11.20 um 16:58 schrieb Lennart Poettering: >>> So if you configure 4 DNS servers then each will still get roughly >>> 1/4th of your requests? That's still quite a

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Mon, Nov 16, 2020 at 07:45:54AM -0500, Stephen John Smoogen wrote: > On Sun, 15 Nov 2020 at 19:26, Chris Adams wrote: > > > Once upon a time, Stephen John Smoogen said: > > > Because a lot of networks use routing tricks to send traffic to > > particular > > > DNS server IP addresses. They

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Am 16.11.20 um 00:36 schrieb Samuel Sieb: DoT becomes efficient when we can reuse the established TCP/TLS connection for multiple lookups. But if we'd switch servers all the time, then of course there's no reuse of TCP/TLS connections possible. Same thing here.  Would it be a problem to keep

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Sun, 15 Nov 2020 at 19:26, Chris Adams wrote: > Once upon a time, Stephen John Smoogen said: > > Because a lot of networks use routing tricks to send traffic to > particular > > DNS server IP addresses. They may round robin, traffic route, or other > > methods to send you to different DNS

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Once upon a time, Stephen John Smoogen said: > Because a lot of networks use routing tricks to send traffic to particular > DNS server IP addresses. They may round robin, traffic route, or other > methods to send you to different DNS servers with the same ip address. Even > if they are all the

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Sun, 15 Nov 2020 at 18:37, Samuel Sieb wrote: > On 11/15/20 7:31 AM, Lennart Poettering wrote: > > Implementing this does not come without drawbacks though: right now > > resolved tries hard to use the same server if at all possible, since > > we want to use newer DNS features if possible,

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 11/15/20 7:31 AM, Lennart Poettering wrote: Implementing this does not come without drawbacks though: right now resolved tries hard to use the same server if at all possible, since we want to use newer DNS features if possible, but many DNS servers (wifi routers, yuck) tend to support them

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On So, 15.11.20 10:18, Marius Schwarz (fedora...@cloud-foo.de) wrote: > Am 11.11.20 um 16:58 schrieb Lennart Poettering: > > So if you configure 4 DNS servers then each will still get roughly > > 1/4th of your requests? That's still quite a lot of info. > the more you use, and i did, the better

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Am 11.11.20 um 16:58 schrieb Lennart Poettering: So if you configure 4 DNS servers then each will still get roughly 1/4th of your requests? That's still quite a lot of info. the more you use, and i did, the better it protects against tracking by the dns cache owners. How about putting this as

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Am 09.11.20 um 18:34 schrieb Florian Weimer: It not only caches names, it also RANDOMIZES the requests to the dns servers configured, increasing the privacy of ones internet journey. nscd? I don't think it does anything like that. It doesn't even have its own DNS code, it uses the same code

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Sat, 2020-11-14 at 19:11 -0500, Nico Kadel-Garcia wrote: > On Sat, Nov 14, 2020 at 6:02 PM Markus Larsson > wrote: > > > Sounds like a horrible experience. It seems circumventable by not > > caching entire OUs though. They way sssd has been used where I have > > been it has only cached users

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Sat, Nov 14, 2020 at 6:02 PM Markus Larsson wrote: > Sounds like a horrible experience. It seems circumventable by not caching > entire OUs though. They way sssd has been used where I have been it has only > cached users actually logging in. That's a single setting in sssd.conf that >

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 14 November 2020 23:35:09 CET, Nico Kadel-Garcia wrote: >On Sat, Nov 14, 2020 at 5:11 PM Markus Larsson wrote: >> >> >> >> On 5 November 2020 13:58:54 CET, Nico Kadel-Garcia wrote: >> > >> >sssd also breaks other LDAP setups, It's extremely broken with larger >> >LDAP setups because it

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Sat, Nov 14, 2020 at 5:11 PM Markus Larsson wrote: > > > > On 5 November 2020 13:58:54 CET, Nico Kadel-Garcia wrote: > > > >sssd also breaks other LDAP setups, It's extremely broken with larger > >LDAP setups because it insists on caching *ALL* of the LDAP, barring > >being able to filter to

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 5 November 2020 13:58:54 CET, Nico Kadel-Garcia wrote: > >sssd also breaks other LDAP setups, It's extremely broken with larger >LDAP setups because it insists on caching *ALL* of the LDAP, barring >being able to filter to only a smaller set of the LDAP. But because so >many LDAP setups

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Wed, Nov 11, 2020 at 7:41 AM Pavel Březina wrote: > > On 11/5/20 1:58 PM, Nico Kadel-Garcia wrote: > > On Thu, Nov 5, 2020 at 6:39 AM Petr Menšík wrote: > >> > >> No, no, NO again. > >> > >> nscd has no important active bugs in Fedora. I am not sure what bugs are > >> mentioned, but just a

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Petr Menšík: >> Fedora made the decision to promote systemd-resolved as a local DNS >> cache. To me, that means that we can gradually remove other DNS caches >> from the distribution. > I maintain also dnsmasq and I doubt there is reason to remove it from > the distribution. I would oppose if

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Sa, 07.11.20 15:33, Marius Schwarz (fedora...@cloud-foo.de) wrote: > Am 05.11.20 um 12:39 schrieb Petr Menšík: > > There is no controversy with nscd, it just caches names and nothing > > more. I think this is its advantage. Unless there is any stronger > > reason, I am against this change in

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Chris Adams: > Once upon a time, Florian Weimer said: >> Fedora made the decision to promote systemd-resolved as a local DNS >> cache. To me, that means that we can gradually remove other DNS caches >> from the distribution. > > Since when does Fedora choosing a default mean other options

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Ben Cotton: > https://fedoraproject.org/wiki/Changes/RemoveNSCD > > == Summary == > This proposal intends to replace the ''nscd'' cache for named services > with ''systemd-resolved'' for the `hosts` database and the ''sssd'' > daemon for everything else. > > == Owner == > * Name:

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Once upon a time, Florian Weimer said: > Fedora made the decision to promote systemd-resolved as a local DNS > cache. To me, that means that we can gradually remove other DNS caches > from the distribution. Since when does Fedora choosing a default mean other options must be removed from the

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Hi Florian, more below... On 11/11/20 11:39 AM, Florian Weimer wrote: > * Petr Menšík: >>> This proposal is about nscd, not systemd-resolved. > >> systemd-resolved is mentioned in the title and the body of proposal. So >> it seems it is about it. > > Fedora made the decision to promote

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 11/5/20 1:58 PM, Nico Kadel-Garcia wrote: On Thu, Nov 5, 2020 at 6:39 AM Petr Menšík wrote: No, no, NO again. nscd has no important active bugs in Fedora. I am not sure what bugs are mentioned, but just a few active bugs are on glibc component in Fedora. Therefore it seems just fine no

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Nico Kadel-Garcia: > On Thu, Nov 5, 2020 at 6:39 AM Petr Menšík wrote: >> >> No, no, NO again. >> >> nscd has no important active bugs in Fedora. I am not sure what bugs are >> mentioned, but just a few active bugs are on glibc component in Fedora. >> Therefore it seems just fine no commits

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Petr Menšík: > On 11/5/20 12:49 PM, Florian Weimer wrote: >> * Petr Menšík: >> >> >> nscd has more usage downstream, leading to bugs such as: >> >> > > I have very limited understanding of sssd principles. But I think it is > not

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Marius Schwarz: > Am 05.11.20 um 12:39 schrieb Petr Menšík: >> There is no controversy with nscd, it just caches names and nothing >> more. I think this is its advantage. Unless there is any stronger >> reason, I am against this change in advance. > It not only caches names, it also RANDOMIZES

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Hi Marius, If you want to randomize requests to different servers, please try stubby package. I think it should offer best anonymity available. It is not true nscd is the only one. I think unbound at least randomizes queries, but I admit it is not configured via /etc/resolv.conf. With I think

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

Am 05.11.20 um 12:39 schrieb Petr Menšík: There is no controversy with nscd, it just caches names and nothing more. I think this is its advantage. Unless there is any stronger reason, I am against this change in advance. It not only caches names, it also RANDOMIZES the requests to the dns

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

"Is there a concern or known issue that will cause systemd-resolved to not work in your setup?" I have a ton of experience with sssd and before that samba winbind so know the benefits and limitations of this software stack well. I'm new to systemd-resolved but have been reading the lively Fedora

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

> Definitely happy to throw nscd out for something better that was just as > simple and easy to set up. > I'll leave systemd-resolved for the trail blazers. Since systemd-resolved is already on by default since Fedora 33 [1], the user base should be up quite a bit as users continue to upgrade.

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On 11/5/20 12:49 PM, Florian Weimer wrote: > * Petr Menšík: > > > nscd has more usage downstream, leading to bugs such as: > > I have very limited understanding of sssd principles. But I think it is not comparable to nscd, which you

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

On Thu, Nov 5, 2020 at 6:39 AM Petr Menšík wrote: > > No, no, NO again. > > nscd has no important active bugs in Fedora. I am not sure what bugs are > mentioned, but just a few active bugs are on glibc component in Fedora. > Therefore it seems just fine no commits are good. > > Just unlike

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

"the system administrator will need to install and configure sssd to replace it after the update. Even when this is not done, the only visible affect will be slower resolution of named service queries due to a missing cache." I use nscd on a few application servers that point to unreliable DNS

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

* Petr Menšík: > nscd has no important active bugs in Fedora. I am not sure what bugs are > mentioned, but just a few active bugs are on glibc component in Fedora. > Therefore it seems just fine no commits are good. > > Just unlike systemd-resolved, which actively breaks some use cases. It >

Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

No, no, NO again. nscd has no important active bugs in Fedora. I am not sure what bugs are mentioned, but just a few active bugs are on glibc component in Fedora. Therefore it seems just fine no commits are good. Just unlike systemd-resolved, which actively breaks some use cases. It changes

Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

https://fedoraproject.org/wiki/Changes/RemoveNSCD == Summary == This proposal intends to replace the ''nscd'' cache for named services with ''systemd-resolved'' for the `hosts` database and the ''sssd'' daemon for everything else. == Owner == * Name: [[User:submachine| Arjun Shankar]] * Email:

Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

https://fedoraproject.org/wiki/Changes/RemoveNSCD == Summary == This proposal intends to replace the ''nscd'' cache for named services with ''systemd-resolved'' for the `hosts` database and the ''sssd'' daemon for everything else. == Owner == * Name: [[User:submachine| Arjun Shankar]] * Email: