Re: dnsmasq
- From: Howard Chu <hyc symas com>
- To: networkmanager-list gnome org
- Subject: Re: dnsmasq
- Date: Thu, 25 Sep 2008 20:34:39 -0700
Date: Thu, 25 Sep 2008 21:43:54 -0400
From: "Jim Popovitch" <yahoo jimpop com>
On Thu, Sep 25, 2008 at 18:27, Howard Chu <hyc symas com> wrote:
>> From: "Jim Popovitch"<yahoo jimpop com>
>>
>> How about a NM option to disable updating of resolv.conf. This
>> should be settable in 3 different places:
>
>> -globally
>> -interface (wired/wireless)
>> -per manually configured connections
>
> Why so complicated? /etc/resolv.conf is a global resource, a single global
> switch is the only thing that makes sense.

Perhaps it seems that way to you, but consider the case where someone
might want DNS fixed (i.e. to a local caching server that is configured
to use opendns, 4.2.2.1, etc.) whilst using a wifi hotspot, but when
in a tightly firewalled corporate environment they need to use the DNS
servers specified by the site. Also, multiple configuration options
don't necessarily imply complexity, but rather flexibility. More
specific options are needed, not just general ones.

You're completely missing the point:
You're either using a local caching server, or not. That's it, one simple
switch.
All the variations you talk about are of course important, but those should be
handled in the caching DNS, not in resolv.conf. If you have a caching DNS,
resolv.conf should point to localhost, period, end of story.
As for myself, I don't ever operate without a local caching DNS. First it
makes most name lookups a lot faster, and second, I have mine configured to
point annoying domains like doubleclick.net and intellitxt.com at 0.0.0.0 so
that I'm never bothered by their junk when I'm browsing the web. Frankly I
don't think the Internet is usable today without explicit local control of DNS
resolution.
> If you're online at the local neighborhood Starbucks there's no reason you
> want your unqualified hostname lookups to be checked against
> foo.starbucks.com first, you still want it to check foo.mycorp.com.

Not necessarily. First, when at Starbucks, you can't route your local
caching DNS server packets before you sign on... which requires a DNS
lookup for server2.hotspot.tmoble.com. A good professional system
needs some flexibility. Personally I would like to see NM have some
pre/post connection configuration options to let me specify the
actions I want.

None of the above is controlled by the settings in resolv.conf. When you're at
Starbucks, all of your DNS queries are intercepted by their system anyway, so
it doesn't matter what DNS servers you point to. And the "domain" and "search"
directives in resolv.conf don't have anything to do with which DNS servers you
contact; they only control what the resolver asks them when you feed in a
partially qualified name.
> The resolution rules in resolv.conf shouldn't depend on what network you're
> plugged into.

I beg to differ. You may not see the cases, but I do. I routinely
travel to diverse networking environments. Sometimes I have a need to
do lookups against VPN'ed servers, not customer du jour's servers.
Other times the network might be a testbed network with no DNS, but
wide open access. And finally there is the case of not utilizing a
public wifi hotspot's DNS which is problematic, but rather using known
(and secure) DNS servers like opendns.

Again, the choice of DNS servers has nothing to do with the domain/search
resolution rules.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
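
Added example, not part of the original message or of NetworkManager or dnsmasq: a simplified Python model of the stub-resolver rules documented in resolv.conf(5), showing that `search`/`domain` and `ndots` decide which names are asked for, while `nameserver` only decides who is asked. The sample file contents and the function names `parse_resolv_conf` and `candidate_queries` are constructed for illustration.

```python
"""Simplified model of resolv.conf(5) search-list handling (illustration only)."""

# Constructed sample: resolv.conf pointing at a local caching DNS on localhost.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 127.0.0.1
search mycorp.com eng.mycorp.com
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_list, ndots) parsed from resolv.conf text."""
    nameservers, search, ndots = [], [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("search", "domain") and args:
            # The last search/domain line wins; "domain" carries a single name.
            search = args[:1] if keyword == "domain" else args
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots


def candidate_queries(name, search, ndots=1):
    """Names the resolver asks for, in order, for a single lookup of `name`."""
    if name.endswith("."):
        return [name]  # fully qualified: the search list is never applied
    suffixed = [f"{name}.{domain}." for domain in search]
    as_is = [name + "."]
    # With at least ndots dots the name is tried as given first, otherwise last.
    return as_is + suffixed if name.count(".") >= ndots else suffixed + as_is


if __name__ == "__main__":
    servers, search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for name in ("foo", "foo.eng", "www.example.org."):
        print(f"{name!r}: ask {servers} for {candidate_queries(name, search, ndots)}")
```

Changing only the `nameserver` line leaves every candidate list unchanged, so a search domain learned from an untrusted network still shapes (and can leak) unqualified lookups even when all queries go to localhost.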