* Michael Catanzaro:

> On Sun, Jul 26, 2020 at 6:15 pm, John M. Harris Jr
> <johnmh(a)splentity.com> wrote:
>> Please do not disable reading from /etc/resolv.conf. If you do so,
>> please limit that to the Spins that it won't affect people on, such as
>> Workstation, if you believe people there don't set their own DNS
>> servers.
>
> Except:
>
> * /etc/resolv.conf is broken by design, as you would know if you read
> the section on split DNS that you just quoted

It works for the things it's meant to do.

Split DNS does not exist as a concept. Some web browser concepts, such
as the canary domain for DoH, are explicitly incompatible with it:

<https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet...

Incompatible in the sense that when connecting to a VPN, DNS traffic
will now be sent to a third party, when it would not before.

> * There's no value in reading from /etc/resolv.conf unless you have
> written something custom to it

Any DNS client library has to read /etc/resolv.conf to determine the
system DNS configuration.

The format is about as stable as _res, and from languages which are
not C, much easier to access.

This isn't an obscure use case, this is something that really has to
work. Even C programs use alternative DNS clients for asynchronous name
resolution and similar things.

> Fact is that unless you have done custom work to allow manual
> modifications to /etc/resolv.conf, you're not going to notice this
> change at all.

It depends on the quality of the DNS implementation whose address is
given in /etc/resolv.conf.

> And if you have, then surely you'll be able to figure
> out the very, very simple steps to get back to the original
> behavior. In fact, it should actually be *easier* than before to get
> traditional behavior. Remove the symlink. Create your own
> /etc/resolv.conf. Hey presto! systemd will read it....

What if I want to manage name servers via DHCP (and Network Manager),
but still retain DNSSEC support for local applications?
Thanks,
Florian
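The thread turns on what a non-C DNS client actually sees when it reads /etc/resolv.conf, and whether that file points at the systemd-resolved stub or at resolvers the administrator wrote in by hand. The following is an added example, not code from the thread or from systemd or glibc: a small Python parser for the resolv.conf directives a client library cares about (nameserver, search/domain, options), plus two checks a defender would want when auditing a host: whether the first nameserver is the systemd-resolved stub listener (127.0.0.53 is systemd-resolved's documented stub address; the rest of the sample file content is constructed), and whether the glibc `trust-ad` option is set, since that is what lets local applications rely on the AD bit that Florian's DNSSEC question is about. The sample inputs are constructed for the example.

```python
"""Parse an /etc/resolv.conf-style file and report what a DNS client
library would see.  Added example; not code from the mailing-list thread.
"""
from dataclasses import dataclass, field

# Constructed sample resembling the file the systemd-resolved stub symlink
# points at.  127.0.0.53 is systemd-resolved's documented stub address;
# the search domain is made up for the example.
SAMPLE_STUB = """\
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
nameserver 127.0.0.53
options edns0 trust-ad
search example.test
"""

# Constructed sample of a hand-written resolv.conf listing two resolvers.
SAMPLE_MANUAL = """\
nameserver 192.0.2.53
nameserver 2001:db8::53   ; trailing comments are allowed too
search corp.example.test lab.example.test
options timeout:2 attempts:3
"""

RESOLVED_STUB_ADDR = "127.0.0.53"


@dataclass
class ResolvConf:
    nameservers: list = field(default_factory=list)
    search: list = field(default_factory=list)
    options: dict = field(default_factory=dict)


def parse_resolv_conf(text):
    """Parse the directives of resolv.conf(5) that clients commonly use.

    Comments start with '#' or ';'.  'search' and 'domain' overwrite each
    other (last one wins), matching the documented resolver behaviour.
    Option values are split on ':' (e.g. timeout:2); flag options such as
    edns0 or trust-ad are stored as True.
    """
    cfg = ResolvConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            cfg.nameservers.append(args[0])
        elif key in ("search", "domain"):
            cfg.search = list(args)
        elif key == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                cfg.options[name] = value or True
    return cfg


def uses_resolved_stub(cfg):
    """True when the first resolver is the systemd-resolved stub listener,
    i.e. a client library reading this file will talk to resolved rather
    than to the resolvers handed out by DHCP or written in by hand."""
    return bool(cfg.nameservers) and cfg.nameservers[0] == RESOLVED_STUB_ADDR


def trusts_ad_bit(cfg):
    """True when 'options trust-ad' is present, the glibc setting that lets
    a local application treat the AD (authenticated data) bit from the
    listed nameservers as meaningful for DNSSEC validation."""
    return cfg.options.get("trust-ad") is True


def audit(text):
    """Return a short dict summarising what a client would see."""
    cfg = parse_resolv_conf(text)
    return {
        "nameservers": cfg.nameservers,
        "search": cfg.search,
        "via_resolved_stub": uses_resolved_stub(cfg),
        "dnssec_ad_trusted": trusts_ad_bit(cfg),
    }


if __name__ == "__main__":
    for label, sample in (("stub", SAMPLE_STUB), ("manual", SAMPLE_MANUAL)):
        print(label, audit(sample))
```

Run it as a script to see both summaries, or call `audit(open("/etc/resolv.conf").read())` on a real host. The two boolean checks separate the two situations the thread argues about: with the stub file in place, every resolv.conf-reading client goes through resolved (and only gets the AD bit it forwards), whereas with a hand-written file the client talks directly to whatever is listed, and the DNSSEC question is decided by those resolvers and by whether `trust-ad` is set.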