Announcement

Collapse
No announcement yet.

Systemd 229 Released With Many Changes, DNS Resolver Now Fully Supported

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Systemd 229 Released With Many Changes, DNS Resolver Now Fully Supported

    Phoronix: Systemd 229 Released With Many Changes, DNS Resolver Now Fully Supported

    The last major systemd update was all the way back in November, which is rather strange considering their normal frequent releases, but that changed today with the release of systemd 229...

    Systemd 229 Released With Many Changes, DNS Resolver Now Fully Supported - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=systemd-229-Released
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    A systemd-networkd widget would be absolutely fire. There's probably a way to achieve this short of writing your own, but still.
    • Likes 1

    Comment

    • #3
      DNSSEC isn't explained in that sentence - it's status in systemd is. Anyone care to explain what this feature brings to the table?

      Comment

      • #4
        Originally posted by FireBurn View Post
        DNSSEC isn't explained in that sentence - it's status in systemd is. Anyone care to explain what this feature brings to the table?
        It's a standard for cryptographically signing DNS records so forged DNS records can't be used for things like phishing.

        It's also hoped that, if we can get sufficient DNSSEC adoption, we could use it as way to migrate away from our current TLS certificate authority system with its myriad weaknesses.

        You need your DNS client to verify DNSSEC records itself because, otherwise, you lack the end-to-end security needed to make the whole thing work.
        • Likes 4

        Comment

        • #5
          Originally posted by ssokolow View Post

          It's a standard for cryptographically signing DNS records so forged DNS records can't be used for things like phishing.

          It's also hoped that, if we can get sufficient DNSSEC adoption, we could use it as way to migrate away from our current TLS certificate authority system with its myriad weaknesses.

          You need your DNS client to verify DNSSEC records itself because, otherwise, you lack the end-to-end security needed to make the whole thing work.

          Cheers
          • Likes 1

          Comment

          • #6
            Originally posted by ssokolow View Post
            It's a standard for cryptographically signing DNS records so forged DNS records can't be used for things like phishing.
            It's also hoped that, if we can get sufficient DNSSEC adoption, we could use it as way to migrate away from our current TLS certificate authority system with its myriad weaknesses.
            You need your DNS client to verify DNSSEC records itself because, otherwise, you lack the end-to-end security needed to make the whole thing work.
            It is questionable if DNSSEC is really that useful: http://sockpuppet.org/blog/2015/01/15/against-dnssec/
            DNSCurve proposed by djb is arguably better, but neither seems to get any traction at all.
            Last edited by Stellarwind; 11 February 2016, 08:34 PM.

            Comment

            Previous template Next
            Working...
            X