Re: local nameserver support

On Tue, 2004-12-21 at 02:02 -0500, Colin Walters wrote:
> Hi,
> I just committed to CVS support for running a local copy of BIND 9 which
> acts as a caching nameserver.  Actually, I guess I shouldn't say
> "support", because it's actually now required. 
> There are a few reasons for this change, but the major ones are:
> 1) It's a step towards NetworkManager taking sole control over domain
>    resolution; the idea is other applications should never
>    touch /etc/resolv.conf directly.  I plan to provide a D-BUS interface
>    for adding/removing nameservers.
> 2) It avoids issues with applications not picking up changes
>    to /etc/resolv.conf.  Now resolv.conf just points to
> This setup seems to be working well for me, except for a bug in that on
> a default Fedora Core 3 installation, bind won't be able to start
> because the targeted SELinux policy can't differentiate the bind started
> by NetworkManager from the "normal" bind.  I'm going to try fixing this
> soon in a generic way; it's come up for gnome-user-share running Apache
> too.  But as a temporary workaround, you can disable SELinux protection
> for named with "setsebool -P named_disable_trans true".  This should be
> acceptable for now since it's pretty unlikely you're running a real
> nameserver (i.e. an authoritative public-facing bind) on the same
> machine as NetworkManager at the moment.
> Anyways, testing and feedback is appreciated!

How about something smaller and faster than bind, such as dnsmasq?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]