New configurations in /etc/resolv.conf

P J P pj.pandit at yahoo.co.in
Sun Apr 13 19:23:54 UTC 2014


  Hello,

Please see:
  -> http://www.ietf.org/mail-archive/web/dane/current/msg06469.html
  -> https://www.ietf.org/mail-archive/web/dane/current/msg06658.html

These two threads are about handling of Authenticated Data(AD) bit by the stub resolvers. There two proposed solutions for this problem:

 1) To install a 'trusted' local resolver running on 127.0.0.1:53.
    A system wide change request has been filed for this.
    -> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver

 2) To strip the AD bit in stub resolvers by default. This requires new configuration
    parameter(s) to be defined in '/etc/resolv.conf'.

This is required because, till the time 'trusted' local resolver becomes a norm, applications need some way to know whether the listed name servers in '/etc/resolv.conf' are trustworthy or not.

The discussion is open for ways to convey 'trustworthyness' of the listed name servers to the requesting applications and ways to enable/disable AD bit stripping in the stub resolver.

Your inputs/comments about syntax & semantics of the new configurations in '/etc/resolv.conf' are most welcome.


Thank you.
---
Regards
   -Prasad
http://feedmug.com


More information about the devel mailing list