dnssec-trigger + GNOME + NetworkManager integration

Tomas Hozza thozza at redhat.com
Tue Jun 30 14:57:07 UTC 2015


On 30.06.2015 16:07, Michael Catanzaro wrote:
> On Tue, 2015-06-30 at 11:24 +0200, Tomas Hozza wrote:
>> The thing is that some information are unrelated to NM. There is no
>> reason to push all information back to NetworkManager, since its role 
>> is
>> explicitly defined - manage network connections and leave the DNS
>> resolution and configuration up to different tool.
> 
> I'm not sure I agree with that, from a desktop developer perspective.
> It's very convenient for GNOME (and probably also KDE) for
> NetworkManager to be the one-stop shop for network management. It
> already allows you to configure DNS anyway (in GNOME, under Network ->
> hidden gear menu in the lower right -> IPv4 or IPv6) so there has to be
> some level of integration to keep that working.

This will still work. We are not going to interfere with the
configuration that NM stores. If you configured explicit DNS servers,
dnssec-trigger will still try to use those. However if they don't
support DNSSEC, it will fallback to some other method.

If by configuring DNS you mean writing content into resolv.conf, then NM
will not do that any more. Instead we will use configuration from NM,
including the user defined values. We will test the DNS servers and act
upon the results of tests.

There is a draft of the final configuration based on the network
configuration [1]. Note that we don't care if the DNS servers came from
DHCP or if user specified these manually. We act only on the final
config provided by NM.

[1]
https://fedoraproject.org/w/index.php?title=Networking/NameResolution/DNSSEC/UnboundMixedMode#Usage

Regards,
Tomas


More information about the devel mailing list