On Tue, 2020-04-14 at 16:18 -0500, Michael Catanzaro wrote:
On Tue, Apr 14, 2020 at 12:45 pm, Adam Williamson <adamwill@fedoraproject.org> wrote:
Doesn't NetworkManager already broadly address both of these on all installations where it's used (which is all Fedora installs by default)?
I don't think so, no.
As far as I know, NetworkManager does not have a DNS cache. The only way to implement one systemwide would be to write a glibc NSS plugin. Otherwise, how would glibc be able to talk to NetworkManager to use the cached results?
Then the description of the multi-VPN scenario is written based on the status quo with NetworkManager already installed and enabled. NetworkManager has three DNS backends: default (nss-dns, what we use currently), dnsmasq, and systemd-resolved. The default backend just does the wrong thing and cannot be fixed. When either dnsmasq or systemd-resolved is in use, NetworkManager will go ahead and do the right thing by telling dnsmasq/systemd-resolved which network interfaces should be used to resolve which hostnames. I consulted with the NetworkManager developers and they recommended systemd-resolved over dnsmasq, although I understand that dnsmasq is good too.
I thought we'd made the dnsmasq config default at some point (that implements both caching and split DNS). I guess I was remembering wrong.
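
The per-interface routing discussed in this thread, as an added illustration that is not part of the original messages and is not NetworkManager, dnsmasq or systemd-resolved code. It is a simplified model: the link names, addresses and domains are constructed, and the longest-suffix rule and the flat-list comparison are assumptions made for the sketch.

```python
# Simplified model of split DNS across several links. All data is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    servers: tuple               # DNS servers learned on this interface
    domains: tuple = ()          # domains whose lookups belong on this link
    default_route: bool = False  # may resolve names that no link claims

def _match_len(host, domain):
    """Label count of `domain` if `host` equals it or is a subdomain, else 0."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    if host == domain or host.endswith("." + domain):
        return domain.count(".") + 1
    return 0

def route_query(host, links):
    """Names of the links whose DNS servers should see a query for `host`."""
    scored = [(max((_match_len(host, d) for d in l.domains), default=0), l)
              for l in links]
    best = max((score for score, _ in scored), default=0)
    if best > 0:
        # The most specific claimed domain wins; other links never see the name.
        return sorted(l.name for score, l in scored if score == best)
    # Unclaimed names go only to links marked as default routes.
    return sorted(l.name for l in links if l.default_route)

def merged_resolver_order(links):
    """Assumed contrast case: one flat server list, tried in order for every
    name, so an internal VPN hostname is first sent to an unrelated server."""
    return [s for l in links for s in l.servers]

# Constructed scenario: Wi-Fi plus two VPN tunnels.
LINKS = [
    Link("wlan0", ("192.0.2.53",), default_route=True),
    Link("tun0", ("198.51.100.1",), ("corp.example",)),
    Link("tun1", ("203.0.113.1",), ("lab.corp.example", "partner.example")),
]

if __name__ == "__main__":
    for host in ("git.corp.example", "ci.lab.corp.example", "www.example.org"):
        print(host, "->", route_query(host, LINKS))
    print("flat list order:", merged_resolver_order(LINKS))
```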