Re: local nameserver support
- From: Daniel Gryniewicz <dang fprintf net>
- To: Colin Walters <walters verbum org>
- Cc: networkmanager list <networkmanager-list gnome org>
- Subject: Re: local nameserver support
- Date: Tue, 21 Dec 2004 10:49:32 -0500
On Tue, 2004-12-21 at 02:02 -0500, Colin Walters wrote:
> I just committed to CVS support for running a local copy of BIND 9 which
> acts as a caching nameserver. Actually, I guess I shouldn't say
> "support", because it's actually now required.
> There are a few reasons for this change, but the major ones are:
> 1) It's a step towards NetworkManager taking sole control over domain
> resolution; the idea is other applications should never
> touch /etc/resolv.conf directly. I plan to provide a D-BUS interface
> for adding/removing nameservers.
> 2) It avoids issues with applications not picking up changes
> to /etc/resolv.conf. Now resolv.conf just points to 127.0.0.1.
> This setup seems to be working well for me, except for a bug in that on
> a default Fedora Core 3 installation, bind won't be able to start
> because the targeted SELinux policy can't differentiate the bind started
> by NetworkManager from the "normal" bind. I'm going to try fixing this
> soon in a generic way; it's come up for gnome-user-share running Apache
> too. But as a temporary workaround, you can disable SELinux protection
> for named with "setsebool -P named_disable_trans true". This should be
> acceptable for now since it's pretty unlikely you're running a real
> nameserver (i.e. an authoritative public-facing bind) on the same
> machine as NetworkManager at the moment.
> Anyways, testing and feedback is appreciated!
How about something smaller and faster than bind, such as dnsmasq?