Re: dnsmasq



On Thu, Sep 25, 2008 at 18:27, Howard Chu <hyc symas com> wrote:
>> From: "Jim Popovitch"<yahoo jimpop com>
>>
>> How about a NM option to disable updating of resolv.conf.   This
>> should be settable in 3 different places:
>
>>            -globally
>>            -interface (wired/wireless)
>>            -per manually configured connections
>
> Why so complicated? /etc/resolv.conf is a global resource, a single global
> switch is the only thing that makes sense.

Perhaps it seems that way to you, but consider the case where someone
might want DNS fixed (i.e. to a local caching server that is configured
to use opendns, 4.2.2.1, etc.) whilst using a wifi hotspot, but when
in a tightly firewalled corporate environment they need to use the DNS
servers specified by the site.    Also, multiple configuration options
don't necessarily imply complexity, but rather flexibility.  More
specific options are needed, not just general ones.

>> For instance, I might want to normally use my local caching
>> nameserver, but if using wired (at HQ) I might want NM to update
>> resolv.conf so that I can resolve corp devices/systems.
>
>> VPN plugins need a "don't touch resolv.conf" option too!
>
> Again, none of that makes sense.

You just haven't lived in my shoes then.   I'm ok if you don't see my
need, just to put up a block for something you don't visualize from
your vantage point.

> Whether or not you have a local caching nameserver has no relation to what
> your preferred domain search order is. If you want to resolve
> myhost.mycorp.com then that's what you want, period.

Please don't use real domains over example domains (i.e. domain.tld,
etc.), it tends to clutter and frustrate users looking for other
information.

> If you're online at the local neighborhood Starbucks there's no reason you
> want your unqualified hostname lookups to be checked against
> foo.starbucks.com first, you still want it to check foo.mycorp.com.

Not necessarily.  First, when at Starbucks, you can't route your local
caching DNS server packets before you sign on... which requires a DNS
lookup for server2.hotspot.tmoble.com.  A good professional system
needs some flexibility.  Personally I would like to see NM have some
pre/post connection configuration options to let me specify the
actions I want.

> The resolution rules in resolv.conf shouldn't depend on what network you're
> plugged into.

I beg to differ.  You may not see the cases, but I do.   I routinely
travel to diverse networking environments.  Sometimes I have a need to
do lookups against VPN'ed servers, not customer du jour's servers.
Other times the network might be a testbed network with no DNS, but
wide open access.  And finally there is the case of not utilizing a
public wifi hotspot's DNS which is problematic, but rather using known
(and secure) DNS servers like opendns.

-Jim P.

