Hide Forgot
Description of problem: When using NetworkManager with dns=unbound, NM expects dnssec-trigger to update unbound configuration based on network events. Current dnssec-trigger version is too old to have that capability so unbound rebase seems a good thing to do at this point. Version-Release number of selected component (if applicable): dnssec-trigger-0.11-21.el7.x86_64 How reproducible: always Steps to Reproduce: 1. setup NM with dns=unbound (also enable unbound and dnssec-triggerd services) 2. change network configuration 3. Actual results: NetworkManager[18412]: <warn> could not spawn process '/usr/libexec/dnssec-trigger-script --async --update': Failed to execute child process "/usr/libexec/dnssec-trigger-script" (No such file or directory) NetworkManager[18412]: <warn> DNS: plugin unbound update failed Expected results: dnssec updates unbound configuration Additional info:
While rebasing dnssec-trigger is definitely a good idea, it is not yet in a shape in which we can put in into RHEL. The version available in RHEL-7 does not need the NetworkManager "unbound" DNS module. It will function in autonomous way. This means you don't need to set "dns=" in NM configuration at all, or you can set it to "dns=none". NM is usually rebased to the latest Upstream version, therefore its code is ahead of what is available in dhssec-trigger. For more information about how to set-up NM in RHEL-7, please see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_DNS_Traffic_with_DNSSEC.html
*** Bug 1110136 has been marked as a duplicate of this bug. ***
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.