On 9/29/20 10:05 PM, Michael Catanzaro wrote:
> On Tue, Sep 29, 2020 at 4:28 pm, Petr Menšík <pemensik@redhat.com> wrote:
>> nss-dns is all right. All you need to have is a DNS server with domain-configurable servers.
>> Those are:
>> - unbound (with dnssec-trigger autoconfigured)
>> - dnsmasq
>> - systemd-resolved
>> - probably knot-resolver
>> - bind (not more difficult to reconfigure at runtime)
>> Maybe more. It is not about nss, because /etc/resolv.conf does not support any domain:server-ip tuples. It would work better with a local cache. resolved is not the only possibility. Just use /etc/resolv.conf set to localhost and confi
>
> Great, that will work wonderfully for those of us who run our own DNS server and configure it to split DNS as we prefer, and who never use VPNs, and who own zero laptops. For the rest of the world, nss-dns is not alright.

Isn't the whole issue just to have that server configured correctly? Just omit manual configuration. VPNs are not solved only by resolved. dnssec-trigger solves it the same way. It needs only integration with NM.

systemd-resolved is also just a DNS server with a few more options. Bundled into a single package with more features that might have been separate. I own a laptop, connect to a VPN every day and it works just fine. Did you know dnsmasq can be configured in a very similar way?

I think systemd-resolved mixed too many bits together.

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB