F23 System Wide Change: Default Local DNS Resolver

Tomas Hozza thozza at redhat.com
Thu Jun 18 12:13:57 UTC 2015 


On 18.06.2015 13:14, Bastien Nocera wrote:
> 
> 
> ----- Original Message -----
>> On 12.06.2015 19:00, Matthew Miller wrote:
>>> On Fri, Jun 12, 2015 at 11:53:32AM -0500, Dan Williams wrote:
>>>> Yeah, we did.  From my recollection, most of that focused on the unbound
>>>> parts and how NM could add the dns=unbound stuff (which Pavel
>>>> contributed) but less on the NM connectivity checking, becuase Fedora
>>>> hadn't turned that on by default yet.  I'm all fine with dns=unbound,
>>>> that's not the issue.  The issue is more around what happens with NM's
>>>> connectivity checking, since that's used by quite a few clients,
>>>> including GNOME Shell.
>>>
>>> I personally find the anchor icon very confusing. As a non-expert in
>>> this area, it doesn't represent anything which seems relevant to me,
>>> and all of the right click menu options, once I figured out to right
>>> click, are obscure to me.
>>
>> I plan to contact the GNOME folks about how they would be willing to
>> better integrate the panel (most probably in a different form) into GNOME.
> 
> I don't think we want to integrate one more panel applet. The information about
> the DNS security should be passed on from NetworkManager. Once that's figured
> out, we can discuss how to show that information.

I think you should discuss with us the approach before saying that you
don't want to integrate with dnssec-trigger. We don't see any reason why
the information should be passed back to NM. The information can be
passed or gathered from dnssec-trigger itself. We don't want to lock
ourselves only to NetworkManager, since there are also other network
configuration managers.

> The code needs to integrate with various NetworkManager features, such as
> VPNs and connectivity checking. Adding any UI for network information provided
> via a side-channel would be premature.

VPNs... done like 2 years ago. From what we discussed the connectivity
checking is not really perfect in NM, since it assumes that DHCP
provided resolvers are in resolv.conf because NM obviously uses system's
stub resolver.

If there are any valid integration pieces, please be specific.

I would love to see more will for cooperation from GNOME people, so we
can converge to the working and well integrated solution. Vague claims
that something is missing or something needs to be done, without clear
reasoning is not helping anyone.

Cheers
-- 
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

PGP: 1D9F3C2D
Red Hat Inc.                 http://cz.redhat.com

More information about the devel mailing list