On 12/12/2011 05:03 PM, Kees Cook wrote:
> On Fri, Dec 09, 2011 at 10:37:42AM -0500, Stéphane Graber wrote:
>> (Sorry if this e-mail gets to the mailing-list twice, used the
>> wrong From address initially ...)
>>
>> We actually discussed that at UDS:
>> https://blueprints.launchpad.net/ubuntu/+spec/foundations-p-dns-resolving
>>
>>
>> I'm still doing tests on Network Manager's dnsmasq integration but for
>> now I haven't seen it fail any single time. Only issue I noticed
>> is a VPN integration issue (bug 898224).
>>
>> Once this bug is fixed my recommendation will be to turn it on
>> in Network Manager for 12.04.
>>
>> This will allow for better fall-back between servers, support
>> for split DNS, better IPv6 support, caching and possibly even
>> DNSSEC support.
>>
>> The feature would only be on for systems running Network Manager,
>> so mostly on desktops.
>
> Yeah, I like the idea of local caching server just to get DNSSEC.
>
> -Kees

Sorry for the bad news on that one, but DNSSEC is unfortunately not
supported by dnsmasq.

dnsmasq will obviously let the DNSSEC records from its upstream DNS
servers through but won't do the validation itself. From what I could
find on the upstream mailing-list, it's "by design" and they don't have
any plan to change that.

An alternative resolver supporting caching, split DNS, IPv6 and doing the
DNSSEC validation is unbound. Unfortunately, it's not currently supported
in Network Manager and would require a MIR + adding to the default
install (whereas dnsmasq is already part of the desktop installation).

I don't think it's the kind of change we want for the LTS.
Though if support for it is ever added to NM, I'll definitely switch to
it on my laptop!

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

--
technical-board mailing list
https://lists.ubuntu.com/mailman/listinfo/technical-board
