mirror of
https://github.com/YellowJacketLinux/lfs-buildscripts.git
synced 2025-01-23 14:32:20 +08:00
work on content
This commit is contained in:
parent
76100ad8e3
commit
5156b99adb
@ -207,10 +207,17 @@ configure `DNSSEC=allow-downgrade` for that connection which, if WiFi, hopefully
|
|||||||
could be done by SSID so that `DNSSEC=allow-downgrade` only applies to that
|
could be done by SSID so that `DNSSEC=allow-downgrade` only applies to that
|
||||||
SSID.
|
SSID.
|
||||||
|
|
||||||
|
At this point in time, it *appears to me* (not properly researched) that at
|
||||||
|
least in developed countries, the only DNS servers that do NOT support DNSSEC
|
||||||
|
querries are some very old caching DNS servers that are built into very old
|
||||||
|
routers that need updating. I do not anticipate setting `DNSSEC=yes` in the
|
||||||
|
default configuration will cause an issue for the vast majority of users, and it
|
||||||
|
is *much* safer than `DNSSEC=allow-downgrade`.
|
||||||
|
|
||||||
Until `systemd-resolved` works well and smoothly in DNSSEC enforcing mode, I
|
Until `systemd-resolved` works well and smoothly in DNSSEC enforcing mode, I
|
||||||
will disable it by default. Users who want it of course can enable it. I really
|
will disable `systemd-resolved` by default. Users who want it of course can
|
||||||
do not want YJL to be a distribution that pushes technology not quite ready for
|
enable it. I really do not want YJL to be a distribution that pushes technology
|
||||||
mass adoption on its users.
|
not quite ready for mass adoption on its users.
|
||||||
|
|
||||||
If `systemd-resolved` with DNSSEC support is not yet working well and smoothly
|
If `systemd-resolved` with DNSSEC support is not yet working well and smoothly
|
||||||
when the first official YJL release happens, then YJL will ship with `unbound`
|
when the first official YJL release happens, then YJL will ship with `unbound`
|
||||||
@ -218,6 +225,10 @@ configured for DNSSEC and opportunistic DoT queries to the authoritative DNS
|
|||||||
servers, but the user will have to enable the service if they want it as I do
|
servers, but the user will have to enable the service if they want it as I do
|
||||||
no like installing running servers by default.
|
no like installing running servers by default.
|
||||||
|
|
||||||
|
It is *possible* that `systemd-resolved` with DNSSEC support *already* works
|
||||||
|
smoothly and well, the reports of issues I saw online from Fedora and Ubuntu
|
||||||
|
users involved older versions of SystemD.
|
||||||
|
|
||||||
|
|
||||||
DNS over HTTPS (DoH)
|
DNS over HTTPS (DoH)
|
||||||
--------------------
|
--------------------
|
||||||
|
Loading…
Reference in New Issue
Block a user