F21 System Wide Change: Default Local DNS Resolver
dcbw at redhat.com
Tue Apr 29 15:30:23 UTC 2014
On Tue, 2014-04-29 at 22:10 +0800, P J P wrote:
> On Tuesday, 29 April 2014 7:22 PM, Miloslav Trmač wrote:
> >So what exactly happens on upgrade? Before the upgrade,
> >most resolv.conf files will not point to 127.0.0.1.
> >What will they point to after the upgrade, and if they will point to 127.0.0.1,
> >which package will actually do that, and what will happen with the old contents
> >of the file? For example, is it assumed that ifcfg-* are always authoritative
> >and it's safe to just overwrite resolv.conf?
> After upgrade, the default DNS resolver should listen on 127.0.0.1:53. And the entry will be added to '/etc/resolv.conf' by NetworkManager. The old contents of the file should be passed on to the local resolver as transitory name servers. The actual workflow is currently being worked upon.
If NetworkManager is used, an upgrade would simply involve dropping a
config file into /etc/NetworkManager/conf.d that specifies the
"dns=[plugin]" option. Then, either NM rewrites resolv.conf to
127.0.0.1 (if an NM DNS plugin is used), or NM stops touching
resolv.conf entirely (dns=none) and something else handles resolv.conf.
In both cases, NetworkManager gets the DNS information from the same
places it already does, and passes it along to the caching nameserver.
If NetworkManager is not being used on the system, then yes, there are
some additional questions which the proposal needs to answer.
> >Similarly, what do we tell users who used to edit /etc/resolv.conf to do in the new system?
> We tell users to never edit the '/etc/resolv.conf' file and ensure that the local resolver is listening at 127.0.0.1:53.
If NetworkManager is being used, users already don't touch resolv.conf,
they edit /etc/sysconfig/network-scripts/ifcfg-* files and use
DNS1/DNS2/DNS3 and SEARCHES to set DNS information.
If NetworkManager is not being used, then the proposal needs to address
what config file users *do* edit to ensure that the upstream DNS servers
are pushed to the caching nameserver.
> >Generally, the page doesn't actually say which resolver will be used. Has that been decided? Or is that intentionally undefined?
> The choice of the default resolver is not yet done. From the discussion so far unbound (https://unbound.net/) appears to be the strong contender.
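
Added example, not part of the original message or the Fedora proposal: a post-upgrade check that reads the effective `dns=` option from NetworkManager configuration text and tests whether resolv.conf agrees with it. The file names, the `dnsmasq` plugin value, the sample addresses and the verdict labels are constructed for illustration; the read order of the config files is an assumption noted in the code.

```python
import configparser
import ipaddress

def effective_dns_mode(config_texts):
    """Return the last [main] dns= value; 'default' when none is set.

    config_texts: (name, text) pairs in read order. Assumption: the main
    NetworkManager.conf comes first, then conf.d files sorted by name.
    """
    mode = "default"
    for name, text in config_texts:
        parser = configparser.ConfigParser(strict=False, interpolation=None)
        parser.read_string(text, source=name)
        if parser.has_option("main", "dns"):
            mode = parser.get("main", "dns").strip()
    return mode

def nameservers(resolv_conf_text):
    """Extract nameserver addresses; comment lines never match the keyword."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(config_texts, resolv_conf_text):
    """Classify how resolv.conf relates to the configured NM DNS mode."""
    mode = effective_dns_mode(config_texts)
    servers = nameservers(resolv_conf_text)
    all_local = bool(servers) and all(is_loopback(s) for s in servers)
    if mode == "none":
        return mode, "unmanaged"   # NM leaves resolv.conf to something else
    if mode == "default":
        return mode, "direct"      # NM writes the upstream servers itself
    # A DNS plugin is set: resolv.conf should list only loopback addresses.
    return mode, "local-resolver" if all_local else "mismatch"

# Constructed sample input (hypothetical file names and addresses).
SAMPLE_CONFIGS = [
    ("NetworkManager.conf", "[main]\nplugins=ifcfg-rh\n"),
    ("conf.d/90-local-resolver.conf", "[main]\ndns=dnsmasq\n"),
]
SAMPLE_RESOLV = "# Generated by NetworkManager\nnameserver 127.0.0.1\n"
```

A "mismatch" verdict means a DNS plugin is configured but resolv.conf still lists a non-loopback server, so lookups are bypassing the local resolver.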