This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC] support for trusted validating resolver configuration
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Pavel Simerda <psimerda at redhat dot com>, libc-alpha <libc-alpha at sourceware dot org>
- Cc: Tomas Hozza <thozza at redhat dot com>, Petr Spacek <pspacek at redhat dot com>, Alexandre Oliva <aoliva at redhat dot com>, siddhesh at redhat dot com, schwab at suse dot de, neleai at seznam dot cz
- Date: Thu, 11 Jun 2015 10:28:56 -0400
- Subject: Re: [RFC] support for trusted validating resolver configuration
- Authentication-results: sourceware.org; auth=none
- References: <1593405040 dot 320240 dot 1416314424126 dot JavaMail dot zimbra at redhat dot com>
On 11/18/2014 07:40 AM, Pavel Simerda wrote:
> * A new file to look into for DNS configuration.
This is such a major disadvantage that I feel the proposal
should be expanded to consider other alternatives that take
into account whole-system integration issues e.g. local
validating resolver, and how this will work with the variety
of virtualization and isolation technology being employed
today. What will network manager do? How do you define your
policies?
I'm hesitant to commit to anything in glibc without seeing
more discussions with Network Manager, dhcp, and the various
other parts of a distribution stack that need to coordinate
secure and trustworthy DNS support.
Cheers,
Carlos.
Notes:
- Public Fedora Bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1164339
- Fedora discussion on local validating resolver:
https://lists.fedoraproject.org/pipermail/devel/2015-June/210992.html