On Tue, Apr 14, 2020 at 12:57 pm, Kevin Fenzi <kevin@scrye.com> wrote:
> Can you expand on what that means?
> Does it mean:
> a) systemd-resolved will use DNS over TLS if it detects that the nameservers it is querying can do so (i.e., it would do a query to port 853 of the nameservers DHCP or static config gave it)
> b) systemd-resolved will use DNS over TLS and always use some 'well known' public DNS servers for queries, ignoring locally configured servers.
> I'm very much in favor of a, but not in favor of b. :)

It would do (a). (But as part of a future change, not part of this change.)
I think (b) would be too controversial for Fedora.
That said, there are not currently any known compatibility problems with the DNS over TLS support as far as I know, so I would *expect* it to go smoothly regardless.
Of course, once systemd-resolved is enabled, then enabling or disabling DNS over TLS will be a one-line config file change in /etc/systemd/resolved.conf. :)

> Is that going to be to set it to 'opportunistic' or 'true'?

It would be "opportunistic". (But again, that would be a future change, not this change.)
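
Added example, not part of the original thread: a small shell check that reports which `DNSOverTLS=` mode a resolved.conf-style file selects, useful for auditing hosts because "opportunistic" falls back to plaintext DNS when a server does not offer TLS, while a true value does not. The function name `dot_mode` and the labels it prints are assumptions made for this example; it reads only the one file it is given and does not merge drop-in directories.

```shell
#!/bin/sh
# Added example: classify the DNSOverTLS= setting in a resolved.conf-style file.
# dot_mode and its output labels (strict/opportunistic/off/unset/unrecognized)
# are names chosen for this example, not systemd terminology.

dot_mode() {
    # $1: path to the file to inspect
    awk '
        /^[ \t]*[#;]/ { next }                          # skip comment lines
        /^[ \t]*\[/   {                                 # section header
            in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/)
            next
        }
        in_resolve && /^[ \t]*DNSOverTLS[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)                 # drop the key and "="
            sub(/[ \t]+$/, "", v)                       # drop trailing blanks
            value = tolower(v)                          # a later assignment overrides
            seen = 1
        }
        END {
            if (!seen)                                  print "unset"
            else if (value == "opportunistic")          print "opportunistic"
            else if (value ~ /^(1|yes|y|true|t|on)$/)   print "strict"
            else if (value ~ /^(0|no|n|false|f|off)$/)  print "off"
            else                                        print "unrecognized"
        }
    ' "$1"
}

# Constructed sample input: the commented line is ignored and the last
# uncommented assignment in [Resolve] is the one reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Resolve]
#DNSOverTLS=no
DNSOverTLS=yes
DNSOverTLS=opportunistic
EOF
dot_mode "$sample"
rm -f "$sample"
```
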