F23 System Wide Change: Default Local DNS Resolver
Andrew Lutomirski
luto at mit.edu
Fri Jun 12 18:09:38 UTC 2015
On Fri, Jun 12, 2015 at 10:17 AM, Dan Williams <dcbw at redhat.com> wrote:
> On Fri, 2015-06-12 at 00:48 -0400, Paul Wouters wrote:
>> 2) NM/dnssec-trigger does the HTTP and DNS probing and prompting using
>> a dedicated container and any DNS requests in that container are
>> thrown away with the container once hotspot has been authenticated.
>> This would allow us to never have resolv.conf on the host be
>> different from 127.0.0.1. (currently, it needs to put in the hotspot
>> DNS servers for the hotspot logon, exposing other applications to
>> fake DNS)
>
> I'm not sure a container really needs to be involved as long as the DNS
> resolution can be done without hitting resolv.conf. That's not hugely
> hard to do I think as long as we can manually resolve the connectivity
> URI address without telling applications about the new DNS servers.
>
If you have automatic VPN connection enabled, then I don't really see
how a captive portal login can be done fully safely without a
container -- the captive portal login should see a route or even
interface that should never be visible to anything else.
--Andy
More information about the devel
mailing list