On 7.12.2015 20:35, Lennart Poettering wrote:
> On Mon, 07.12.15 15:31, Björn Persson (Bjorn(a)xn--rombobjrn-67a.se) wrote:
>> Lennart Poettering <mzerqung(a)0pointer.de> wrote:
>>> You *have* to use the local DNS servers by default, even if they are
>>> crap.
>>
>> I for one want my laptop to be suspicious of random DNS servers it
>> encounters in public places, and bypass them if they're found to be
>> lying.
> Well, if you are knowledgeable enough to understand the problem, then
> you should also be able to install/configure dnssec yourself. But I am
> pretty sure that the typical user is neither knowledgeable enough
> about this to make the decision, nor does he really care...
> As I understood the feature was posted to make something the default
> in Fedora, and I am just concerned about that new default.
>> It seems to me that the system needs to ask the user whether they are
>> in a public hotspot that they're using only as a way to access the
>> Internet, or whether they're visiting a friend and want to access
>> internal servers. I don't see a way to tell the difference reliably
>> without any user interaction.
> I think that would be pretty bad UI. You shouldn't ask users questions
> they likely won't grok. In fact, you'd better not ask users
> technical questions at all...
Lennart, you could find more information in the Fedora change page:
https://fedoraproject.org/wiki/Networking/NameResolution/DNSSEC/Design#Br...
As you might see, we were thinking about this hard and actually attempted
to make it interaction-less.
In short, public/fallback DNS servers will be used to detect if part of the DNS
sub-tree (like home.lennart.me) is unsigned. If the sub-tree is unsigned, the
query will be re-sent to the local servers and the answer returned to the client.
The assumption here is that if your domain is signed you have enough wisdom to
use DNSSEC-enabled resolvers in your network. If the domain is not signed we
will trust the crappy local servers.
--
Petr Spacek @ Red Hat
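As an added example (not part of this thread or of the Fedora design), the following Python sketch models the rule Petr describes above: a trusted validating resolver's view of DS records is used to find the closest unsigned delegation, and only names under such an unsigned sub-tree are re-sent to the local servers. The zone data, names and addresses are constructed.

```python
from typing import Iterator, Optional, Tuple

# Constructed view of what a trusted, validating resolver reports about each
# delegation point: True = DS record present (secure), False = proven absence
# of DS (insecure delegation). All names here are hypothetical.
TRUSTED_DS_VIEW = {
    ".": True,
    "me.": True,
    "lennart.me.": True,
    "home.lennart.me.": False,  # private, unsigned home zone
    "com.": True,
    "example.com.": True,
    "corp.": False,             # hypothetical unsigned private namespace
}
# Constructed answers. The local server knows the home printer but also
# hands out a bogus address for a signed public name.
TRUSTED_ANSWERS = {"www.example.com.": "203.0.113.10"}
LOCAL_ANSWERS = {
    "printer.home.lennart.me.": "192.168.1.20",
    "www.example.com.": "192.168.1.1",
}

def ancestors(name: str) -> Iterator[str]:
    """Yield the root and every ancestor of a FQDN, root first, name last."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    yield "."
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:]) + "."

def closest_unsigned_ancestor(name: str) -> Optional[str]:
    """Walk down from the root; the first insecure delegation makes the whole
    sub-tree below it unverifiable. Return it, or None if fully signed."""
    for zone in ancestors(name):
        # Names that are not delegation points inherit the parent's status.
        if TRUSTED_DS_VIEW.get(zone) is False:
            return zone
    return None

def choose_resolver(name: str) -> Tuple[str, Optional[str]]:
    """Decide which resolver answers `name` and which unsigned zone caused it."""
    island = closest_unsigned_ancestor(name)
    return ("local", island) if island else ("trusted", None)

def resolve(name: str) -> Tuple[Optional[str], str]:
    """Return (answer, source): signed names never touch the local server."""
    source, _ = choose_resolver(name)
    table = LOCAL_ANSWERS if source == "local" else TRUSTED_ANSWERS
    return table.get(name), source
```

Note that the lying local answer for www.example.com. is never consulted, because that name sits under a fully signed chain.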