default local DNS failover solution needed, nscd?

Dan Williams dcbw at
Mon Apr 28 15:36:16 UTC 2014

On Mon, 2014-04-28 at 10:14 -0400, Paul Wouters wrote:
> On Mon, 28 Apr 2014, Marcelo Ricardo Leitner wrote:
> > Speaking of which, I am not sure how dnsmasq plays with DNSSEC and/or 
> > failover, but NetworkManager already has a config option 
> > (/etc/NetworkManager/NetworkManager.conf, dns=dnsmasq) that makes it 
> > configure a local dnsmasq instance on for handling DNS requests. 
> > The dnsmasq then is the one who will go after the real servers & all..
> >
> > Isn't making this the default way enough perhaps?
> No, that is missing all the features for hotspot signon and VPN
> integration.

NM already has connectivity checking like dnssec-trigger, which we use
for hotspot detection and twiddle some D-Bus API flags to indicate that
you might be behind a hotspot.  GNOME Shell displays a "hotspot" status
in this case.  NM will also do split DNS with dnsmasq as a local caching
nameserver to handle the VPN stuff, if your VPN passes down domains or
you specify them manually.

What that doesn't have is the DNSSEC support or the ability to start a
sandboxed web browser for hotspot login before making the upstream
nameservers system-wide, which is where dnssec-trigger and unbound would
come in.


More information about the devel mailing list