Would be unbound good candidate to replace systemd-resolved on desktop?

Tom Samplonius tom at samplonius.org
Fri May 27 04:46:16 UTC 2022


  Well, nothing is stopping anyone from using unbound as a DNS cache today.  It seems that the only issue is making it “default”, which requires hacking on the systemd-resolved subsystem.  I’m a big systemd supporter, but systemd should remain a service management layer, not try to re-implement some sort of per-service generic API for every possible service.  What is next?  A systemd-twitter subsystem to manage my twitter access in a generic way?  And then rewrite all applications to use d-bus to send API calls to the systemd-twitter subsystem, which then translates those calls to Twitter’s API?  There is such a thing as too much abstraction.

  I also find NetworkManager totally unsuitable for servers, and I generally delete it.  Its use case is really for laptops, which I don’t care about.

  And I don’t care about split DNS either.  It isn’t a feature that I’d ever use, or recommend anyone else use.  If you have to do split DNS, the capability already exists.  No need to write a new abstraction to it. 


Tom


> On May 26, 2022, at 1:51 PM, Petr Menšík via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
> 
> Does no answer mean nobody would like unbound as a default DNS cache?
> Does systemd-resolved fulfill your needs?
> 
> On 5/16/22 12:25, Petr Menšík wrote:
>> Hi,
>> 
>> I had a discussion with some of our people involved in systemd development.
>> They would like some decision about RHEL 10 DNS subsystem. Of course
>> they would like to have systemd-resolved similar to Fedora or Ubuntu.
>> 
>> I on the other hand would like to have something following properly RFC
>> and standards. I think unbound is the closest match. It has good runtime
>> reconfiguration support. It knows even how to do DNS over TLS and can
>> switch to it at runtime.
>> 
>> But it is missing:
>> 
>> - integration with NM manager configuring split-DNS domains properly.
>> Similar to dns=dnsmasq configuration in NetworkManager.conf.
>> - ability to pass example.corp. names validation, if they exist on
>> forwarders provided by local network. Or any private TLD, such as .home
>> or .lan. Could be solved by disabling dnssec validation by default, just
>> like systemd-resolved.
>> - missing d-bus API to allow VPNs forwarders configuration and split-DNS
>> zones definition
>> - no mDNS or LLMNR support
>> - no custom NSS plugin (I think this is unimportant)
>> - no d-bus API offering asynchronous resolution to application (not sure
>> how much this is used)
>> 
>> I would like something not blocking DNSSEC records by default. Do you
>> think it is worth working on missing items? Would you recommend to
>> install unbound on all desktop installations by default? Why yes? Why
>> not? Do you see any blocker I haven't mentioned?
>> 
>> Any feedback would be welcomed!
>> 
>> Cheers,
>> Petr
>> 
> -- 
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemensik at redhat.com
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
> 
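
Added example, not part of either message above: an unbound.conf fragment for the split-DNS case the thread discusses, keeping DNSSEC validation on globally and exempting only the private zone instead of disabling validation by default. The zone name follows the example.corp. name used in the thread; the addresses (documentation ranges), the upstream name dns.example.net and the file paths are assumptions.

```conf
# unbound.conf fragment (added example; addresses, upstream name and paths are assumed)
server:
    # Keep DNSSEC validation enabled for the public DNS tree.
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # path varies by distribution

    # Weak setting, shown for comparison only: no validator module, so nothing is validated.
    #   module-config: "iterator"

    # Scoped setting: skip validation only below the private name. The signed root
    # proves that .corp does not exist, so answers for it would otherwise be bogus.
    domain-insecure: "example.corp."

    # Allow private (RFC 1918) addresses in answers for this zone when
    # private-address filtering is configured.
    private-domain: "example.corp."

    # CA bundle used to authenticate the DNS over TLS upstream below.
    tls-cert-bundle: "/etc/pki/tls/certs/ca-bundle.crt"

# Split DNS: names under example.corp. go to the resolver provided by the
# local network or VPN.
forward-zone:
    name: "example.corp."
    forward-addr: 192.0.2.53

# Everything else goes to a public resolver over DNS over TLS, with the
# server certificate checked against the name after '#'.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.1@853#dns.example.net

# Runtime equivalent of the private forward zone (needs remote-control enabled);
# +i also adds or removes the matching domain-insecure entry:
#   unbound-control forward_add +i example.corp. 192.0.2.53
#   unbound-control forward_remove +i example.corp.
```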


