F21 System Wide Change: Default Local DNS Resolver

Dan Williams dcbw at redhat.com
Tue Apr 29 15:30:23 UTC 2014

On Tue, 2014-04-29 at 22:10 +0800, P J P wrote:
>    Hello,
> On Tuesday, 29 April 2014 7:22 PM, Miloslav Trma─Ź wrote:
> >So what exactly happens on upgrade?  Before the upgrade,
> >most resolv.conf files will not point to
> >What will they point to after the upgrade, and if they will point to,
> >which package will actually do that, and what will happen with the old contents
> >of the file? For example, is it assumed that ifcfg-* are always authoritative
> >and it's safe to just overwrite resolv.conf?
>    After upgrade, the default DNS resolver should listen on And the entry will be added to '/etc/resolv.conf' by NetworkManager. The old contents of the file should be passed on to the local resolver as transitory name servers. The actual workflow is currently being worked upon.

If NetworkManager is used, an upgrade would simply involve dropping a
config file into /etc/NetworkManager/conf.d that specifies the
"dns=[plugin]" option.  Then, either NM rewrites resolv.conf to (if an NM DNS plugin is used), or NM stops touching
resolv.conf entirely (dns=none) and something else handles resolv.conf.
In both cases, NetworkManager gets the DNS information from the same
places it already does, and passes it along to the caching nameserver

If NetworkManager is not being used on the system, then yes, there are
some additional questions which the proposal needs to answer.

> >Similarly, what do we tell users who used to edit /etc/resolv.conf to do in the new system?
>   We tell users to never edit the '/etc/resolv.conf' file and ensure that the local resolver is listening at

If NetworkManager is being used, users already don't touch resolv.conf,
they edit /etc/sysconfig/network-scripts/ifcfg-* files and use
DNS1/DNS2/DNS3 and SEARCHES to set DNS information.

If NetworkManager is not being used, then the proposal needs to address
what config file users *do* edit to ensure that the upstream DNS servers
are pushed to the caching nameserver.


> >Generally, the page doesn't actually say which resolver will be used.  Has that been decided?  Or is that intentionally undefined?
>   The choice of the default resolver is not yet done. From the discussion so far unbound(https://unbound.net/) appears to be the strong contender.
> ---
> Regards
>    -Prasad
> http://feedmug.com

More information about the devel mailing list