Would be unbound good candidate to replace systemd-resolved on desktop?

Petr Menšík pemensik at redhat.com
Fri May 27 11:22:12 UTC 2022


On 5/27/22 06:46, Tom Samplonius wrote:
>   Well, nothing is stopping anyone from using unbound as a DNS cache today.  It seems that the only issue is making it “default”, which requires hacking on the systemd-resolved subsystem.  I’m a big systemd supporter, but systemd should remain a service management layer, not try to re-implement some sort of per-service generic API for every possible service.  What is next?  A systemd-twitter subsystem to manage my twitter access in a generic way?  And then rewrite all applications to use d-bus to send API calls to the systemd-twitter subsystem, which then translates those calls to Twitter’s API?  There is such a thing as too much abstraction.
Agreed. systemd as services management services is great, but
implementation of every system part in systemd is very wrong. resolved,
networkd, timesyncd. I don't understand why they put it all into a
single project.
>   I also find NetworkManager totally unsuitable for servers, and I generally delete it.  Its use case is really for laptops, which I don’t care about.
NM is default also on recent RHELs, which target more servers than
workstations. I think it is not so bad, it has its own advantages. I
admit it is much better on laptops or workstations. But it is considered
the best uniform interface to network configuration on RHEL. When you
include vlans or more difficult configurations, alternatives seem to be
too much scattered.
>   And I don’t care about split DNS either.  It isn’t a feature that I’d ever use, or recommend anyone else use.  If you have to do split DNS, the capability already exists.  No need to write a new abstraction to it. 

I maintain bind9, unbound and dnsmasq on RHEL and Fedora. They all have
ability to send queries for different names to different servers. But
they all need very different configuration steps. While it is not a
problem on server, where its configuration does not change often, it is
different on mobile devices. I don't want to reconfigure my laptop, when
I take it home from work or the other way around. Let alone using it in
public transport or café. I search for a way to obtain required
information from network configuration and pass it to any capable
service to configure it properly. I found a way to do that using
openresolv, but that is quite clumsy.

dnsmasq NM plugin is another way. It works with NM only, but that is the
only supported option for us anyway. It already integrates with
systemd-resolved. It could and should work with unbound. It could create
include snippet for bind9, but I doubt that would be used often.
knot-resolver or pdns-recursor might be better alternatives. But I am
not sure how implementation independent it can be and still possible to
implement.

But I would like not only NM managed VPN services to register its name
subtree. Paul's libreswan is one example. What about openvpn and
wireguard? Or some weird Cisco stuff I don't know many things about?
Resolved can be configured via dbus, which is implementation independent
enough.

If resolved did not have so many bugs, it would be a nice way to have
uniform way to configure it from different services. It aspires to it.
But it is not usable for me.

> Tom
>
>
>> On May 26, 2022, at 1:51 PM, Petr Menšík via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
>>
>> Does no answer mean nobody would like unbound as a default DNS cache?
>> Does systemd-resolved fulfill your needs?
>>
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
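
The message above notes that bind9, unbound and dnsmasq can all forward a name subtree to specific servers but need very different configuration. The sketch below is an added example, not part of the original post and not code from any of those projects: it renders one (domain, servers) pair into each daemon's syntax and rejects malformed values first, since such values arrive from DHCP or a VPN peer. The function names, the domain `corp.example` and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def validate(domain, servers):
    """Return (lower-cased domain without trailing dot, server list) or raise ValueError.

    Network-supplied values are untrusted: a quote or newline in them would
    otherwise be written straight into the resolver's configuration file.
    """
    name = domain.rstrip(".").lower()
    if not name or len(name) > 253 or not all(_LABEL.fullmatch(l) for l in name.split(".")):
        raise ValueError(f"bad domain: {domain!r}")
    return name, [str(ipaddress.ip_address(s)) for s in servers]

def unbound(domain, servers):
    """unbound.conf forward-zone clause."""
    name, addrs = validate(domain, servers)
    lines = ["forward-zone:", f'    name: "{name}."']
    lines += [f"    forward-addr: {a}" for a in addrs]
    return "\n".join(lines) + "\n"

def dnsmasq(domain, servers):
    """dnsmasq per-domain server= lines."""
    name, addrs = validate(domain, servers)
    return "".join(f"server=/{name}/{a}\n" for a in addrs)

def bind9(domain, servers):
    """named.conf forward zone."""
    name, addrs = validate(domain, servers)
    fwd = " ".join(f"{a};" for a in addrs)
    return (f'zone "{name}" {{\n    type forward;\n    forward only;\n'
            f"    forwarders {{ {fwd} }};\n}};\n")

if __name__ == "__main__":
    # Constructed sample: a VPN announcing one internal subtree.
    for render in (unbound, dnsmasq, bind9):
        print(f"# {render.__name__}\n{render('corp.example', ['192.0.2.53', '2001:db8::53'])}")
```
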
