Build-in DNS cache support
Stéphane Graber
stgraber at ubuntu.com
Mon Dec 12 22:14:04 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 12/12/2011 05:03 PM, Kees Cook wrote:
> On Fri, Dec 09, 2011 at 10:37:42AM -0500, Stéphane Graber wrote:
>> (Sorry if this e-mail gets to the mailing-list twice, used the
>> wrong From address initially ...)
>>
>> We actually discussed that at UDS:
>> https://blueprints.launchpad.net/ubuntu/+spec/foundations-p-dns-resolving
>>
>>
>>
I'm still doing tests on Network Manager's dnsmasq integration but for
>> now I haven't seen it fail any single time. Only issue I noticed
>> is a VPN integration issue (bug 898224).
>>
>> Once this bug is fixed my recommendation will be to turn it on
>> in Network Manager for 12.04.
>>
>> This will allow for better fall-back between servers, support
>> for split DNS, better IPv6 support, caching and possibly even
>> DNSSEC support.
>>
>> The feature would only be on for systems running Network Manager,
>> so mostly on desktops.
>
> Yeah, I like the idea of local caching server just to get DNSSEC.
>
> -Kees
Sorry for the bad news on that one but DNSSEC is unfortunately not
supported by dnsmasq.
dnsmasq will obviously let the DNSSEC records from its upstream DNS
servers but won't do the validation itself, from what I could find on
the upstream mailing-list, it's "by design" and they don't have any
plan to change that.
An alternative resolver supporting caching, split DNS, IPv6 and doing
the DNSSEC validation is unbound, unfortunately it's not currently
supported in Network Manager and would require a MIR + adding to the
default install (whereas dnsmasq is already part of the desktop
installation). I don't think it's the kind of change we want for the
LTS. Though if support for it is ever added to NM, I'll definitely
switch to it on my laptop!
- --
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCgAGBQJO5nysAAoJEMY4l01keS1nrJcP/A89y+/ZAte+2jzZaGjcf6rf
6AK0ak3FV1Hk9JZUCVJ8UoA0DMBlpOZUTghFBeI0DLIF+Xf3dL8jVwXPBTC5QF3t
sZ8czq9TChwr1t2hFxn2SGw5ogEDQZeuph0JK9j/QB/M+5GmNN+IAOMXP5xBwH/l
rOsXX0A0f/O5lfqh49p5peLTaI83p7FhnJNyxxk2w90Ns9l9g5gaSKXJ5GfnUvWt
2ZYvVDN78cSMMhmqyYCO4VCFsZQuIZWvVZxeJDPFfrsUz7kS39weYpZVKMysCvJi
J56T0gAPZYI4d1UOdcZrE/SKQhuDyfu43A9n8aETqzPFCNge4hQkyNojYAwWAes4
KkJfn3CAUOLh1fceWSdujeooNJVd0JLmWkHtfOzOjNrWtegN/VEFI7BFGWFSnefj
HC0G5CgbjcWgeZUW1HXCYuolYsf9HT7PHdBc1f0C/Mosbh2vl1txy6mn6tKq3qEb
kb1DZAB4QesjT09TsIdRGk2PpIhgpNB4dxPSg4m3UnrnQaE9TvXfZzdCLoxzwW2b
aWi8Pcqi58gABF85NVYib08rN+gInU+P2FGe6FFXBMyett68fgi9wzJthkO6XTxA
891wizH80hyb8q4puwR8yLYhcllFRBhDBCti0/DJLqHek+rlDUBThvJ3NhJoHWDw
fsgrDLrb26ANsUKeI83J
=cvBp
-----END PGP SIGNATURE-----
More information about the technical-board
mailing list