>> Really, the biggest issue people fear is their split view DNS. Which is
>> easily solved by extending the concept of firewalld zones into Network
>> Manager, and always use broken DNS forwarders on "trusted networks".
>
> Hmmm... "easily solved" is not "solved":
> * Has this "biggest issue" really been solved? Do we have this NM
> integration?
I don't know. I don't think the integration with firewalld/NM uses the
same concept of "zones".
> Does it show in "nm-applet" (I avoid bringing up KDE which I
> personally use, or other desktops)
> * What other issues don't we know about, simply because this Fedora setup
> hasn't been *widely* deployed?
I'd be more sympathetic to this if we hadn't gone through major things
like /usr move already :P
Paul
--
The split-dns case is, I believe, what I have at work. I did test the
proposed local dns resolver. I was able to resolve names of machines
internal to my work network (after some workaround), but when I needed to
connect to a machine with a different domain name, and it wasn't resolved,
and I needed that to do my timesheet, I reverted.
Using firewalld is not a perfect solution either, if that's the suggestion.
My machines are configured to use iptables. I have a perfectly good working
iptables setup, and found firewalld looked like it had too much learning
curve, so I don't use it.