Would unbound be a good candidate to replace systemd-resolved on the desktop?

Petr Menšík pemensik at redhat.com
Mon May 16 10:25:00 UTC 2022


I had a discussion with some of our people involved in systemd development.
They would like a decision about the RHEL 10 DNS subsystem. Of course
they would like to have systemd-resolved, similar to Fedora or Ubuntu.

I, on the other hand, would like to have something that properly follows
RFCs and standards. I think unbound is the closest match. It has good runtime
reconfiguration support. It even knows how to do DNS over TLS and can
switch to it at runtime.

But it is missing:

- integration with NetworkManager configuring split-DNS domains properly,
similar to the dns=dnsmasq configuration in NetworkManager.conf.
- ability to pass validation for example.corp. names, if they exist on
forwarders provided by the local network, or any private TLD, such as .home
or .lan. Could be solved by disabling DNSSEC validation by default, just
like systemd-resolved.
- missing D-Bus API to allow VPN forwarder configuration and split-DNS
zone definition
- no mDNS or LLMNR support
- no custom NSS plugin (I think this is unimportant)
- no D-Bus API offering asynchronous resolution to applications (not sure
how much this is used)

I would like something that does not block DNSSEC records by default. Do you
think it is worth working on the missing items? Would you recommend
installing unbound on all desktop installations by default? Why, or why
not? Do you see any blocker I haven't mentioned?

Any feedback would be welcomed!
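As an added illustration of the split-DNS, private-TLD and DNS-over-TLS points raised in the post above (this is an example unbound.conf written for this page, not configuration from the post or from the unbound or NetworkManager projects): unbound can keep DNSSEC validation enabled for the public tree while marking unsigned private domains insecure per zone with domain-insecure, and can forward a private domain to a VPN-provided resolver while sending everything else upstream over TLS. The resolver addresses 10.0.0.53 and 9.9.9.9, the zone names and the certificate bundle path are assumptions for the example.

```conf
server:
    # Validate DNSSEC for the public tree; the root trust anchor is kept
    # current by unbound-anchor (assumed Fedora/RHEL path).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Private names have no signed delegation from the parent zone. Marking
    # them insecure lets them resolve without switching validation off
    # globally. Zone names here are assumed for the example.
    domain-insecure: "example.corp."
    domain-insecure: "home."
    domain-insecure: "lan."

    # Rebinding protection: RFC 1918 answers are dropped unless the name is
    # under a listed private-domain, so the corp domain must be allowed.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "example.corp."

    # CA bundle used to authenticate DNS-over-TLS upstreams (assumed path).
    tls-cert-bundle: "/etc/pki/tls/certs/ca-bundle.crt"

# Split-DNS: the corp domain is answered by the resolver the VPN provides
# (assumed address), in the clear inside the tunnel.
forward-zone:
    name: "example.corp."
    forward-addr: 10.0.0.53

# Everything else goes to a public resolver over DNS-over-TLS on port 853;
# the name after '#' is the authenticated server name for the certificate.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
```

The same split-DNS entries can be added and removed while unbound is running, which is what an integration with NetworkManager or a VPN plugin would do on connect and disconnect: `unbound-control forward_add +i example.corp 10.0.0.53` installs the forward zone with the domain marked insecure (the `+i` flag), and `unbound-control forward_remove example.corp` drops it again when the VPN goes down. `unbound-checkconf` validates the file before a restart.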


