Bug 1095214

Summary: let NetworkManager handle /etc/resolv.conf when dns=unbound
Product: [Fedora] Fedora Reporter: Pavel Šimerda (pavlix) <psimerda>
Component: dnssec-triggerAssignee: Pavel Šimerda (pavlix) <psimerda>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: psimerda, pspacek, pwouters, ssorce, thozza, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-12 09:19:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 910823, 1105675    
Bug Blocks:    

Description Pavel Šimerda (pavlix) 2014-05-07 10:06:50 UTC
Unless dnssec-triggerd locks the /etc/resolv.conf using the immutable bit, NetworkManager is the entity that takes care of it. Apart from name server list, it also configures the domain search list and stuff like that. I believe it would be good to leave the management to NetworkManager when it's using the dns=unbound option.

I'm going to update the NM unbound plugin patch so that it writes 'nameserver 127.0.0.1' to /etc/resolv.conf. I don't know whether immutable bit should be then used by NetworkManager or not. And I don't know how much automation is expected to be done by default regarding the domain search list.

I've seen some discussions on fedora-devel, so please comment and bring in any interested parties.

Comment 1 Tomáš Hozza 2014-05-07 10:21:10 UTC
I don't think we should do it in this stage of the unbound plugin. This will
break the "hot-spot sign-on" mode of dnssec-trigger.

Until the hot-spot detection and sign-on handling is implemented in the plugin,
we can not let only NetworkManager take care of the content of resolv.conf.

Comment 2 Pavel Šimerda (pavlix) 2014-05-07 10:25:01 UTC
(In reply to Tomas Hozza from comment #1)
> I don't think we should do it in this stage of the unbound plugin. This will
> break the "hot-spot sign-on" mode of dnssec-trigger.

Fair enough. This will have to wait.

Comment 3 Pavel Šimerda (pavlix) 2014-08-12 09:19:14 UTC
As noted in bug #1067856, we're keeping the daemon and therefore keeping the management of /etc/resolv.conf in dnssec-trigger.