[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: BIND will completely drop D-BUS dynamic forwarders table support



On Wed, Dec 05, 2007 at 04:04:55PM -0500, Colin Walters wrote:
> I think the solution is going to be to require the OS to have a caching
> nameserver on localhost (i.e. /etc/resolv.conf is always 127.0.0.1), and
> for NetworkManager to control that nameserver in some way.  If BIND is
> dropping support for configuring itself (i.e. it doesn't want to be a
> usable caching nameserver for roaming laptops), then dnsmasq may be what
> we need to use.
> 

Main problem with dnsmasq is that it doesn't support DNSSEC (I read
that it supports only forwarding DNSSEC queries). Only named as
caching nameserver could validate DNSSEC queries (point me if I'm not
correct). Many people think that DNSSEC is useless. If I compare plain
DNS and DNSSEC it is something like rsh vs. ssh. I'm interested how
many people think ssh is useless. Use dnsmasq will be good for now but
in the end We have to implement dynamic forwarders into named or
DNSSEC into other server. I've already started thread about this topic
in BIND upstream so I think We will find good compromise and solve
this problem.

Adam

-- 
Adam Tkac, Red Hat, Inc.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]