F23 System Wide Change: Default Local DNS Resolver
Paul Wouters
paul at nohats.ca
Thu Jun 18 18:48:52 UTC 2015
On Thu, 18 Jun 2015, Dan Williams wrote:
> The drawbacks I see to dnssec-trigger here are:
> 2) provides only HTTPS IPC, perhaps because it works on all platforms.
> But a Linux-only solution would typically use a unix socket or D-Bus and
> be secured by Unix or D-Bus permissions instead of using certificates.
Recenyly unbound was patched to allow a local socket so we don't have to
go through HTTPS. This was merged upstream. A similar patch could be adopted
for dnssec-triggerd and I see now reason why (the same) upstream would
refuse it.
Paul
More information about the devel
mailing list