On Mon, Jun 6, 2016 at 12:29 PM, James <wirel...@tampabay.rr.com> wrote:
>
> This is about the most scary idea I have ever heard of in unix/linux,
> in a long time.
>
> I guess all of those conspiracy theories were correct::
> prepare to be assimilateD!
>
>
> https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html
>

That's pretty old news.

In any case, you certainly don't need to use systemd as your DNS resolver if you don't want to. Systemd also doesn't touch /etc/resolv.conf contrary to what that email states. It only touches /run/systemd/resolve/resolv.conf which does absolutely nothing on its own unless you choose to symlink /etc/resolv.conf to it.

The obvious options using systemd and resolv.conf are:

1. Don't use it at all - just put whatever you want in /etc/resolv.conf and it works like you'd expect it to.

2. Have systemd-networkd populate /run/systemd/resolve/resolv.conf with whatever DNS servers were discovered using DHCP and then symlink that to /etc/resolv.conf so that your system uses it. This is basically the behavior you typically expect from the likes of dhcpcd and such but instead of tampering with a file in /etc it just messes with a transient file in /run.

3. Run systemd-resolved as a caching forwarding-only DNS server and have that end up in /run/systemd/resolve/resolv.conf.

I haven't really taken a serious look at the security implications of this. It is intended as a lightweight forwarding-only DNS server, and if it has any security flaws I'm sure they'll accept them as bugs. It is meant as a single-host solution - not as something you'd point your entire network at. It certainly isn't BIND. As with most systemd integrated solutions they tend to start out simple and evolve.

The last time I checked systemd does not block you from installing the DNS server of your choosing, just as it doesn't block installing syslog, or cron, or a network manager, or even another service manager. You could use it as an oversized sysvinit if you wanted to (not that you would). How distros choose to use it is another matter.

--
Rich
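
An added example, not part of the original message: a shell check that tells the setups described above apart by reporting whether /etc/resolv.conf is a plain file or a symlink to /run/systemd/resolve/resolv.conf, and which nameservers are in effect. The function names and the optional root-prefix argument (used to inspect a mounted image or a test tree) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report who controls the resolver configuration on a host.
# The ROOT argument is a hypothetical filesystem prefix (default: live system).

SYSTEMD_RESOLV=/run/systemd/resolve/resolv.conf

# Print one of: static | systemd-managed | other-symlink | missing
resolv_mode() {
    root=${1:-}
    conf="$root/etc/resolv.conf"
    if [ -L "$conf" ]; then
        # Compare the raw link target; only the absolute form and the usual
        # relative form (../run/...) are recognised as systemd-managed.
        target=$(readlink "$conf")
        case "$target" in
            "$SYSTEMD_RESOLV"|"..$SYSTEMD_RESOLV") echo systemd-managed ;;
            *) echo other-symlink ;;
        esac
    elif [ -f "$conf" ]; then
        echo static
    else
        echo missing
    fi
}

# Print the nameserver addresses that the configuration in effect lists.
resolv_nameservers() {
    root=${1:-}
    conf="$root/etc/resolv.conf"
    # For the systemd-managed case read the transient file under ROOT,
    # so an absolute symlink is not followed into the live /run.
    if [ "$(resolv_mode "$root")" = systemd-managed ]; then
        conf="$root$SYSTEMD_RESOLV"
    fi
    [ -r "$conf" ] || return 0
    awk '$1 == "nameserver" { print $2 }' "$conf"
}

# Stand-alone run: summarise the live system.
printf 'mode=%s nameservers=%s\n' "$(resolv_mode)" \
    "$(resolv_nameservers | tr '\n' ' ')"
```

A `static` result corresponds to option 1; `systemd-managed` means the file is populated as in options 2 or 3, which this check does not distinguish.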