Re: dnsmasq



Jim Popovitch wrote:
On Fri, Sep 26, 2008 at 01:28, Howard Chu<hyc symas com>  wrote:
Current versions of BIND don't give you much control over forwarding either;
dnsmasq does.

Bind9 does.  At least it does so for me.  Dnsmasq does too, but I need
bind9 for other things (outside the scope of this thread)

OK. Then we're back to the notion that a standardized DBUS interface for this purpose needs to be defined, and implemented in Bind9. (I was using Bind9 for local caching before, but since it lacked a mechanism for dynamically updating its forwarders without totally reloading, I went googling for something else...) I guess now we just need to focus on what features are needed, and where.

Not necessarily.  I use a dhcp3 script to pull the forwarders out and
update bind9 forwarders via an include + rndc reload.   That could go
away if NM would allow a simple way of determining connection provided
forwarders... such as a post-connection script call.
In what way does any of what you wrote here have anything to do with whether
or not anybody should be overwriting /etc/resolv.conf?

It was my example of a workaround that could be eliminated, perhaps
only in my case.  I didn't go down that road... you pressed for that
info. ;-)

Ok.

Sigh.  You really aren't getting my point.  I haven't cared about
search or domain until you mentioned them above.  I only care about NM
updating resolv.conf.  I don't think an all or none solution (i.e.
global) is reasonable, the user needs some level of control over which
connections are allowed to update resolv.conf.
And you're still missing the point that /etc/resolv.conf is the wrong
vehicle for exercising fine-grained control over name resolution.

I have never stated that it was.  Again, you are not reading what I am writing.

Hm. So what exactly did you mean by saying "the user needs some level of control over which connections are allowed to update resolv.conf" ?

Yes, it's a good idea to have control over how nameserver info received from various interfaces gets used by the local machine. But trying to slot any of those controls into /etc/resolv.conf is futile.

In fact, it offers you *no* ability to do fine-grained control. On the other hand,
dnsmasq gives you a great deal of fine control. Since you're still talking
about bind9, I suggest you go read up on dnsmasq's features before
continuing this conversation.

I don't want dnsmasq.  Please quit trying to push me to use only what
you use.  The world is too diverse for that.

I'm not insisting you use dnsmasq. I'm just trying to make sure you understand that inventing complex policies over what content makes it into /etc/resolv.conf is not useful. Policies for control of nameserver info can be better implemented elsewhere; dnsmasq is a working example of that.

Now, maybe we can work together to define what controls are needed, and then we can get some new code written for the purpose.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

