feature request: modify getrrsetbyname() to use libunbound
Darren Tucker
dtucker at zip.com.au
Wed May 9 16:41:32 EST 2012
On Wed, May 09, 2012 at 04:20:33AM +0000, Luca Filipozzi wrote:
[...]
> We propose that openssh be modified as follows:
>
> (1) introduce a new ssh_config directive: UnboundConfigurationFile
>
> (2) modify getrrsetbyname() such that, if UnboundConfigurationFile is
> set, then the unbound resolver is used; if not, then libc
>
> (3) provide a default unbound configuration in /etc/ssh/ssh_unbound_conf
OK, here's my opinion:
- I am OK with adding support for libunbound (we already have
compile-time support for an alternate resolver, ldns), however
- I am oposed to a new configuration file option because
Portable-specific options increase the maintenance burden in both
directions.
But first: why doesn't the system resolver support dnssec? Wouldn't the
effort be better spent fixing that instead?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list