On Thu, Aug 14, 2014 at 1:47 PM, Lennart Poettering <[email protected]> wrote: > On Thu, 14.08.14 13:27, Tom Gundersen ([email protected]) wrote: > >> >> On Thu, Aug 14, 2014 at 1:11 PM, Lennart Poettering >> <[email protected]> wrote: >> > >> > UseDomain= should have the effect of adding the domains from dhcp option >> > 15 and 119 to the list of domains for the interface. And >> > sd_network_get_link_domains() should then return a single list, of >> > deduplicated entries, with the domains specified in Domains= first, and >> > then the dhcp domains possible added in at the end. >> > >> > Zbigniew, I think this simplification would be beneficial, as I really >> > don't see the need to make the search vs. route domain thing >> > configurable.... >> > >> > Tom, what's your take on all of this? >> >> >> Sorry for taking forever to answer to this thread. I have been going >> back and forth in my mind about how this should look. >> >> I think in the end I essentially agree with Lennart's last suggestion. >> Let's make this dead-simple and collapse the search/route domains for >> each link into a single list. I think this is fine given that we >> restrict the search behaviour to single-labels. >> >> My only hesitation has been that I can imagine someone wanting to add >> search domains that do not imply anything about routing. However, I >> think in this case it does not make much sense to make this per-link, >> but it should rather be a global SearchDomains= option (in >> resolved.conf) or something to that effect. >> >> Zbigniew, Michael, what do you think? > > Tom reminded me of the fact now, that at the systemd hackfest in Brno > last week (which really was more a "talkfest") people suggested we > should actually make it possible that if you go to lets say > "xhamster.com" you never ever want this to be resolved via the redhat > VPN. That probably makes a lot of sense. > > Hence, I would suggest adding a syntax of: > > [Network] > Domains=* > > which would have the effect to route all DNS traffic that is not > explicitly routed somewhereelse to this interface. > > Internally, this would just set a boolean, which could be queried with: > > int sd_network_link_get_wildcard_domain(int ifindex); > > or so, which would return 0 or 1 or negative -errno... > > But then again, this doesn't have to be there from day one, we can add > that later... But of course, I'd love to see this done early on, too, > after all the porn usecase is a major one.
As discussed off-list, I agree with adding this API / behaviour. Cheers, Tom _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
