Re: [DNG] how to clear DNS cache
Author: Rick Moen
Date:
To: dng
Subject: Re: [DNG] how to clear DNS cache
Quoting Alessandro Selli (alessandroselli@???):

> This is something that belongs to a different stage in the OS
> installation, when:
>
> 1) the user determined that a DNS server must be installed;
> 2) that it has to run as a local recursive nameserver;
> 3) that a particular implementation of such a server must be installed.


This view amounts to 'consign it to an expert installation profile', which
then is functionally the same as 'don't bother', as discussed below.

I should stress that I didn't _literally_ have in mind the installer
offering the user all five open source recursive nameservers for Linux.
I showed all five checkboxes to stress the breadth of options _all_ of
which are being ignored -- even in your amazing and rather amusing list.

> I think most people will be either put off by such a question (the non
> techies) or they will bemoan the amount of detailed questions they must
> answer to get a basic system installed when they're in a hurry/have to
> install a number of systems together.


This logic leads to Ubuntu. ;->

I'm certainly not offended by droolproofed distro installers that ask
the fewest possible questions of an installing user; I merely note the
lost opportunity. There is obviously a happy middle ground. I'm
merely suggesting that if you're already offering a screen to input the
IPs of recursive nameservers (and Devuan is), then a checkbox for a
local recursive nameserver is a trivial addition with disproportionally
large benefits.
> This goes too far from solving the problem of getting a network
> interface up and working in the shortest possible time imposing the
> smallest possible amount of hassle on the user in order to get the
> damned thing installed.


Actually, I misstated slightly: This logic leads to Klaus Knopper's
bulk-installation Python script 0wn (= 'zero work needed') in Knoppix,
http://www.knopper.net/knoppix/0wn-en.html. I admire that script,
really. It offers breathtakingly little opportunity to tweak anything,
just bulk-installs the entirety of Knoppix to a target drive
(overwriting the HD and autopartitioning[1]), prompts for hostname, prompts
for IP & nameserver IP, prompts for root & user auth details, prompts
for hostname, installs a bootloader, and exits. But I'm glad
less-automagic installation exists.
> Of course a local recursive DNS server too needs some administrative
> attention, though it is simpler than an authoritative one.


I don't mean to sound hostile, but _what_ administrative attention?
To the best of my recollection, there's nothing to configure in the
general case: It's either a running daemon or a not-running daemon.
You either are pointing to it via some host's /etc/resolv.conf, or you
are not.

There are, of course, things one could tweak if utterly determined to
find something to fool with:

The packages in question _do_ support access ACLs (which netblocks
are allowed access), and most or all of them have a configuration item
that could be adjusted to specify which network interfaces to bind to.
Some of them (probably; I'm not checking) permit specifying a
non-default port to bind to, instead of 53.

These things exist because, basically, this is Unix and it's a network
daemon, but IMO it's misleading to claim this means it 'needs some
administrative attention', just because some settings exist that you can
fool with.


Point is, the user can be offered a local recursive nameserver (I
suggest Unbound on grounds of code quality and clean implementation)
running and made _the_ nameserver bound to loopback and accessible from
localhost only by default. This can and IMO should be presented as a
simple thing. Consigning it to an 'expert installation profile' means
the only people who'll use it (in practice) are the same people who
already can and do use the 'expert installation profile' called root
shell:

# apt-get install unbound
# sed -i 's/^nameserver/#nameserver/' /etc/resolv.conf
# echo nameserver 127.0.0.1 >> /etc/resolv.conf
# chattr +i /etc/resolv.conf

So, suggesting 'consign it to an expert installation profile' is
functionally the same as 'don't bother', except involving more work.

> And please keep in mind that in many Enterprise networks nodes are not
> allowed to perform recursive queries on their own....


If this matters, the installer could attempt a dig of devuan.org's DNS,
and if it doesn't work, tell the user 'the recursive nameserver you
requested isn't going to work here'. I am _not_ making this suggestion
because I suspect blocking or intercepting outbound traffic to port 53
is really rare, but _if_ concerned, that would be the logical response.

If by 'allowed' you mean 'the company wouldn't like it', then there are
plenty of other contents in Devuan that particular corporations aren't
going to like, either.

[1] Er, the older automagic installer, knoppix-installer, did
destructive overwrite of the target drive. Newer installer 0wn
offers some options including an autonomic partitioner.
-- 
Your font is:      Proportional  Monospaced
                                      ^
Matt McIrvin's amazing Font-o-Meter!
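As an added example, not part of Rick's message or of the Devuan installer, here is a POSIX shell script that carries out the root-shell steps he lists (install Unbound, point /etc/resolv.conf at 127.0.0.1, lock it with chattr +i), writes out an explicit loopback-only Unbound stanza of the kind he describes (interface binding, access ACL, port), and then performs the check he proposes for networks that block recursion: a dig of devuan.org through the new resolver, reporting failure if no answer comes back. The config path /etc/unbound/unbound.conf.d/local-only.conf, the use of dig from the dnsutils package, `service unbound restart`, and the RUN_SETUP guard are my assumptions, not anything stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): make Unbound the only resolver on a
# Devuan/Debian host, bound to loopback, then verify that recursion works.
# Assumptions: apt-based install, Unbound reading /etc/unbound/unbound.conf.d/,
# sysvinit-style `service`, and `dig` (dnsutils) available for the check.

set -eu

# Rewrite a resolv.conf-style file so the only active nameserver is 127.0.0.1.
# Existing nameserver lines are commented out rather than deleted, so the
# previously supplied servers stay visible for troubleshooting.
point_resolver_to_loopback() {
    file="$1"
    sed -i 's/^nameserver/#nameserver/' "$file"
    echo "nameserver 127.0.0.1" >> "$file"
}

# Count active (uncommented) nameserver lines in a resolv.conf-style file.
active_nameservers() {
    grep -c '^nameserver' "$1" || true
}

# Write an Unbound server stanza that spells out the loopback-only behaviour:
# listen on 127.0.0.1:53 and answer only clients on the loopback network.
# (Unbound already behaves this way out of the box; writing it down makes
# the intent auditable and survives a packaging default changing.)
write_unbound_local_conf() {
    file="$1"
    cat > "$file" <<'EOF'
server:
    interface: 127.0.0.1
    port: 53
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
EOF
}

# Return 0 if the resolver at $1 can answer for name $2, 1 otherwise.
# An empty answer or a timeout is the signal Rick describes: outbound
# port 53 is probably blocked or intercepted on this network.
recursion_works() {
    server="$1"
    name="$2"
    answer=$(dig +short +time=3 +tries=1 "$name" "@$server") || return 1
    [ -n "$answer" ]
}

# The full procedure; needs root and network access.
main() {
    apt-get install -y unbound
    write_unbound_local_conf /etc/unbound/unbound.conf.d/local-only.conf
    service unbound restart
    point_resolver_to_loopback /etc/resolv.conf
    chattr +i /etc/resolv.conf
    if recursion_works 127.0.0.1 devuan.org; then
        echo "local recursive nameserver is answering"
    else
        echo "the recursive nameserver you requested isn't going to work here" >&2
        exit 1
    fi
}

# Guard so that sourcing the file only defines the functions; set
# RUN_SETUP=1 (as root) to actually perform the installation.
if [ "${RUN_SETUP:-0}" = 1 ]; then
    main
fi
```

Run it as `RUN_SETUP=1 sh local-resolver.sh` on the target host; without RUN_SETUP the functions can be exercised on copies of resolv.conf and a scratch config file first. The chattr +i step is what stops dhclient or resolvconf from silently undoing the change, so remember to `chattr -i` before editing the file later.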