Would unbound be a good candidate to replace systemd-resolved on desktop?

Petr Menšík pemensik at redhat.com
Thu May 26 20:51:22 UTC 2022


Does no answer mean nobody would like unbound as a default DNS cache?
Does systemd-resolved fulfill your needs?

On 5/16/22 12:25, Petr Menšík wrote:
> Hi,
>
> I had a discussion with some of our people involved in systemd development.
> They would like some decision about RHEL 10 DNS subsystem. Of course
> they would like to have systemd-resolved similar to Fedora or Ubuntu.
>
> I on the other hand would like to have something properly following RFCs
> and standards. I think unbound is the closest match. It has good runtime
> reconfiguration support. It even knows how to do DNS over TLS and can
> switch to it at runtime.
>
> But it is missing:
>
> - integration with NM manager configuring split-DNS domains properly.
> Similar to dns=dnsmasq configuration in NetworkManager.conf.
> - ability to pass validation of example.corp. names, if they exist on
> forwarders provided by local network. Or any private TLD, such as .home
> or .lan. Could be solved by disabling DNSSEC validation by default, just
> like systemd-resolved.
> - missing D-Bus API to allow VPN forwarder configuration and split-DNS
> zone definition
> - no mDNS or LLMNR support
> - no custom NSS plugin (I think this is unimportant)
> - no D-Bus API offering asynchronous resolution to applications (not sure
> how much this is used)
>
> I would like something not blocking DNSSEC records by default. Do you
> think it is worth working on the missing items? Would you recommend
> installing unbound on all desktop installations by default? Why yes? Why
> not? Do you see any blocker I haven't mentioned?
>
> Any feedback would be welcomed!
>
> Cheers,
> Petr
>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
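
An added illustration (not part of the post and not unbound or NetworkManager code) of the first two missing items listed above: turning per-link split-DNS data into `unbound-control` calls, with `forward_add +i` so that only zones under private TLDs skip DNSSEC validation while everything else stays validated. The link dictionaries, `PRIVATE_TLDS` and the function names are assumptions made for this example.

```python
# Added example: plan unbound-control calls from per-link split-DNS data.
# Assumption: private TLDs are the ones named in the post (.corp, .home, .lan).
PRIVATE_TLDS = {"corp", "home", "lan"}


def _fqdn(name):
    """Normalise a domain to lower case with exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def needs_insecure(zone):
    """True when the zone's TLD has no signed delegation in the public root."""
    return _fqdn(zone).rstrip(".").split(".")[-1] in PRIVATE_TLDS


def plan_commands(links):
    """Return unbound-control argv lists for the given links.

    links: dicts with 'dns' (server IPs), 'domains' (split-DNS routing
    domains) and 'default' (True for the default-route link).
    """
    cmds, seen = [], set()
    for link in links:
        servers = list(link["dns"])
        if not servers:
            continue
        if link.get("default"):
            # Everything not matched by a forward zone goes to these servers.
            cmds.append(["unbound-control", "forward", *servers])
        for domain in link.get("domains", []):
            zone = _fqdn(domain)
            if zone in seen:  # first link to claim a zone keeps it
                continue
            seen.add(zone)
            cmd = ["unbound-control", "forward_add"]
            if needs_insecure(zone):
                cmd.append("+i")  # also marks just this zone domain-insecure
            cmds.append(cmd + [zone, *servers])
    return cmds


# Constructed sample: a Wi-Fi link with a .lan domain and a VPN link.
SAMPLE_LINKS = [
    {"iface": "wlan0", "default": True, "dns": ["192.0.2.1"], "domains": ["lan"]},
    {"iface": "tun0", "default": False, "dns": ["198.51.100.53", "198.51.100.54"],
     "domains": ["example.corp.", "vpn.example.com"]},
]

if __name__ == "__main__":
    for argv in plan_commands(SAMPLE_LINKS):
        print(" ".join(argv))
```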



More information about the Unbound-users mailing list