Bug 1112310 - when all fallbacks fail, dnssec-trigger blindly configures full recursion
Summary: when all fallbacks fail, dnssec-trigger blindly configures full recursion
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: dnssec-trigger
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Pavel Šimerda (pavlix)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-06-23 14:45 UTC by Pavel Šimerda (pavlix)
Modified: 2014-09-23 08:38 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-09-23 08:38:18 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Pavel Šimerda (pavlix) 2014-06-23 14:45:08 UTC
When all fallbacks fail (which they always do due to bug #1109292), dnssec-triggerd configures unbound to use full recursion (which will be often blocked) without checking whether the full recursion is working or not.

The result is a user without DNS resolution but also without any information suggesting why that happens and how to at least get connectivity not secured by DNSSEC, which may well be the only way to access internet resources.

Comment 1 Pavel Šimerda (pavlix) 2014-09-23 08:38:18 UTC
We talked about this and the conclusion is that full recursion is currently considered a good way to offload the infrastructure servers, so it's not only set up when fallbacks don't work, but it's even attempted first.


Note You need to log in before you can comment on or make changes to this bug.