Bug 708829 - dnssec: support per-connection DNSSEC options for local zones
Status: RESOLVED OBSOLETE
Product: NetworkManager
Classification: Platform
Component: IP and DNS config
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: NetworkManager maintainer(s)
Depends on: 699810
Blocks: nm-next
 
 
Reported: 2013-09-26 11:22 UTC by Pavel Simerda
Modified: 2020-11-12 14:29 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Pavel Simerda 2013-09-26 11:22:31 UTC
Company networks may or may not support DNSSEC on their internal nameservers. The administrator should be able to configure DNSSEC options for the local DNS zones.

Network connections (whether VPN or non-VPN) can provide a list of nameservers and a list of domains/zones that are local to the connected network. With bug #699810 in action, a local RDNSS (unbound in that case) would be configured by NetworkManager.

By default, local zones should have DNSSEC *disabled* (as many deployed local authoritative DNS servers don't support DNSSEC at all). If the administrator knows the network deployment supports DNSSEC, he should be able to *enable* it for the respective NMConnection.

Also, if the local DNSSEC deployment uses a custom certificate for its zones, not reachable by the global DNS tree, the administrator should be able to set the *certificate*.

In some cases, the settings may be too complicated to be reasonably represented in NetworkManager and then it can be configured directly in the RDNSS software. In that case it's important to provide a way to *disable* local DNS setting for that particular connection altogether.

Please note that global DNSSEC support is out of scope of this bug report. Looking forward to any feedback for the above.

Cheers,

Pavel
Comment 1 Pavel Simerda 2014-02-03 16:14:51 UTC
Valid options:

1) Rely on the global configuration.
2) Split DNS without validation.
3) Split DNS with validation.
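
Added example, not part of the bug report and not NetworkManager code: one way the three options above could be rendered into configuration for the local unbound resolver the description mentions. The mode names, the function and the sample zone, address and key are assumptions made for illustration; the directive names are from unbound.conf(5).

```python
import ipaddress

# Hypothetical mode names for the three options in Comment 1; these are not
# NetworkManager settings. Directive names come from unbound.conf(5).
GLOBAL, SPLIT_INSECURE, SPLIT_VALIDATE = "global", "split-insecure", "split-validate"

def _fqdn(zone):
    """Lower-case the zone, add the trailing dot, refuse config-breaking characters."""
    zone = zone.strip().lower()
    if not zone or any(c in zone for c in ' "\t\r\n'):
        raise ValueError(f"bad zone name: {zone!r}")
    return zone if zone.endswith(".") else zone + "."

def render_unbound(mode, zones, nameservers, trust_anchors=None):
    """Return the unbound.conf text for one connection's local zones."""
    if mode == GLOBAL:
        return ""  # option 1: write nothing, the resolver's global config applies
    if mode not in (SPLIT_INSECURE, SPLIT_VALIDATE):
        raise ValueError(f"unknown mode: {mode!r}")
    servers = [str(ipaddress.ip_address(ns)) for ns in nameservers]  # rejects non-IPs
    if not servers:
        raise ValueError("split DNS needs at least one nameserver")
    anchors = {_fqdn(z): rr for z, rr in (trust_anchors or {}).items()}
    if anchors and mode == SPLIT_INSECURE:
        # A supplied key would be silently unused; fail instead of downgrading.
        raise ValueError("trust anchor given but validation is disabled")
    server_opts, forwards = [], []
    for zone in map(_fqdn, zones):
        if mode == SPLIT_INSECURE:
            # Option 2: unsigned internal zone, skip validation below this name only.
            server_opts.append(f'    domain-insecure: "{zone}"')
        elif zone in anchors:
            # Option 3 with a private key that is not chained from the public root.
            if '"' in anchors[zone] or "\n" in anchors[zone]:
                raise ValueError("bad trust anchor record")
            server_opts.append(f'    trust-anchor: "{anchors[zone]}"')
        forwards += ["forward-zone:", f'    name: "{zone}"']
        forwards += [f"    forward-addr: {ip}" for ip in servers]
    lines = (["server:"] + server_opts if server_opts else []) + forwards
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample: zone, resolver address and DNSKEY text are placeholders.
    key = "corp.example. DNSKEY 257 3 8 PLACEHOLDERKEYDATA"
    print(render_unbound(SPLIT_INSECURE, ["corp.example"], ["10.0.0.53"]))
    print(render_unbound(SPLIT_VALIDATE, ["corp.example"], ["10.0.0.53"],
                         {"corp.example": key}))
```

In the validating mode without a trust anchor only the forward zone is written, so the zone must validate through the public chain of trust.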
Comment 2 André Klapper 2020-11-12 14:29:15 UTC
bugzilla.gnome.org is being shut down in favor of a GitLab instance. 
We are closing all old bug reports and feature requests in GNOME Bugzilla which have not seen updates for a long time.

If you still use NetworkManager and if you still see this bug / want this feature in a recent and supported version of NetworkManager, then please feel free to report it at https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/

Thank you for creating this report and we are sorry it could not be implemented (workforce and time are unfortunately limited).