Version 1

Presentation: systemd-resolved as the default DNS resolver

What is missing to enable resolved with DNSSEC on all systemd installations?

Event large

The DNSSEC functionality in systemd-resolved is complete enough for early adopters. The D-Bus API is very flexible and allows rich functionality to be exposed to clients in a convenient and secure manner. Ability to enable/disable DNSSEC mode for individual queries allows captive portals to be handled nicely. Caching makes local clients fast. But there are also some unresolved issues: we don't have support for DNSSEC root key rollover, caching can leak information between clients, queries are sometimes sent to too many servers, leaking information, systemd-resolved is not the default in Fedora. This talk will discuss current status of the systemd DNS stack — what is implemented, what bugs are open — and what is planned in the near future — and what else is required for universal adoption.

After discussing status quo and the near future, I want to start a discussion on what kind of functionality is missing, and what bugs (if any) are the most pressing for the audience.


Day: 2016-09-30
Start time: 15:30
Duration: 00:30
Room: Main stage
Track: Networking



Click here to let us know how you liked this event.

Concurrent Events