-
I was thinking about installing #mastodon onto my server. But neither #fedora nor #centos package exists. Is there any reason for it? Is there license problem or just lack of volunteers preparing it? Not even updated image on quay.io. how should open source fan install it? Is docker the only supported option?
-
I have entered discussion about #california #parentalControl on @fedora
I think a lot of misinformation or misconception is flying around. I think the California is doing it *right* way and finally it is solution not selling anonymity for protection.It is a lot work to design it well and time is tight. But the concept it correct, OS should provide age group for it's user to apps. It doesn't need identification of the parent nor child IMO.
-
Watched @pid_eins #fosdem2026 presentation record about #Varlink. I think the idea is good, except it should use some binary protocol for communication between services. RFC 8949 #CBOR seems like excellent candidate. Text serialization is not necessary if human is never direct part of a pipeline. Data conversion is not slow, but not necessary between localhost- only services.
-
Visited #CSNOG26 conference, it was great event. I had to disable #DNSSEC validation on their wifi network. Asked for a contact to local network admin to ask what is the implementation used. Surprise, they said #bind9. If you operate anything old enough capable of ``dnssec-enabled no;``, please don't use it anyway. Use ``dnssec-validation no;`` only. It will stop servfail caused by validation failures, but won't prevent validation at clients. Fix your forwarders or firewalls if that is not ok
-
My #fosdem talk in #dns room got accepted! Great news for me, although I have a lot to do to present the potential I have already in my head. But not yet in the code! I want to work also on #avahi release. Well, I should relax and refresh at the same time. Combination of all that would not be a simple task. Merry Christmas everyone!
-
#Systemd #credentials system is relatively interesting thing. I lack some support for storing private keys in a format good for applications. Can it do #pkcs11 URI provider or #FIDO2 token authentication? It seems current implementation focuses on shared secrets - passwords. If we have integrated support with TPM2 chip, I think we should aim for #webauthn instead.
-
Just checked AlmaLinux container image. CentOS Stream were just created and Alma has #bind9 CVEs fixed already in their repos. If they say they got their changes from Stream, they are lying. These are RHEL fixes for RH customers only.
-
@neverpanic @bagder we got bitten in #bind9 by RSA1 signature verification regression. Is it possible to emulate RHEL default crypto policy also on Fedora somehow? To have it refuse SHA1 verification like on RHEL?
-
@arichtman well yes. Then the problem is caused by ndots:5 option of resolv.conf. is it recommended by kubernetes documentation? Also .local domain is reserved for #mdns. Including subdomains. Asks for more issues this way.
-
#avahi has one important limitation on multicast resolution. It expects host has only one important address on AF. At least that is offered by simple protocol used by nss-mdns. It cannot send multiple addresses on single name. That is often wrong. Is there potential contributor able to design fix for that? #mdns
-
@jinna until you use any form of encrypted DNS, your ISP can read everything. No matter what server you choose. Use #DoT or #DoH or #DoQ. But in the free world you should order a new ISP contract, if possible. They may still know something, but they should not be able to tamper with responses at least. You want also #ECH in you browser enabled.
-
I had a presentation about registering #hostname on #ipv6, when #SLAAC is used. Is there any attempt to register name to local #dns server, when I am on IPv6 only network? I think dynamic update over TCP would be similar to #dhcp based registration Dnsmasq does automatically. Is there any system attempting it already?
-
@fedora @centos @almalinux @rockylinux Great thing is F41 finally stopped blocking #dnssec validators. We had validation of gpg keys in dnf3. It finally works in default installation, but is not in #dnf5 anymore.
-
-
@[email protected] @wutti Good candidate for upstream DNS encryption provider might be also #dnsdist. Versatile thing with also DoH and DoQ support, which could be used together with pihole's dnsmasq. But haven't tried to compile it on openwrt myself. Visit dnsdist.org for help.
-
@letoams we have made #unresolved package to clean the mess, even prevent the return of resolved. Yes, as soon as dnsconfd is mature enough, I plan to propose it as default solution for Fedora and RHEL.
-
@[email protected] @[email protected] @mypdns @Alonely0 @floppy_bv no, I mean #IXFR. That is incremental zone transfer. #Bind9 can do it, not sure #Unbound has that too. Allows to just receiving changes compared to previous version, but need to store journal containing each change at primary and secondary server. Using AXFR is similar to downloading hosts file over http. I think PiHole uses own modified dnsmasq build, which provides webui integration.
-
@letoams try installing #unresolved package. Has subpackage not letting systemd-resolved in. Admit I have not tried it directly from anaconda.
-
@itisiboller @jerry Ha ha, it seems more people came to "love" #resolved. I have created something similar. https://github.com/pemensik/unresolved