Build-in DNS cache support
stgraber at ubuntu.com
Mon Dec 12 22:14:04 UTC 2011
On 12/12/2011 05:03 PM, Kees Cook wrote:
> On Fri, Dec 09, 2011 at 10:37:42AM -0500, Stéphane Graber wrote:
>> (Sorry if this e-mail gets to the mailing-list twice, used the
>> wrong From address initially ...)
>> We actually discussed that at UDS:
>> I'm still doing tests on Network Manager's dnsmasq integration but for
>> now I haven't seen it fail any single time. Only issue I noticed
>> is a VPN integration issue (bug 898224).
>> Once this bug is fixed my recommendation will be to turn it on
>> in Network Manager for 12.04.
>> This will allow for better fall-back between servers, support
>> for split DNS, better IPv6 support, caching and possibly even
>> DNSSEC support.
>> The feature would only be on for systems running Network Manager,
>> so mostly on desktops.
> Yeah, I like the idea of local caching server just to get DNSSEC.
Sorry for the bad news on that one but DNSSEC is unfortunately not
supported by dnsmasq.
dnsmasq will obviously let the DNSSEC records from its upstream DNS
servers through but won't do the validation itself. From what I could
find on the upstream mailing-list, it's "by design" and they don't have
any plan to change that.
An alternative resolver supporting caching, split DNS, IPv6 and doing
the DNSSEC validation is unbound. Unfortunately, it's not currently
supported in Network Manager and would require a MIR + adding to the
default install (whereas dnsmasq is already part of the desktop
installation). I don't think it's the kind of change we want for the
LTS. Though if support for it is ever added to NM, I'll definitely
switch to it on my laptop!