Public bug reported:
Once we have systemd-resolved's stub DNS resolver on a solid footing
everywhere (LP: #1682499; LP: #1647031), we should stop using
libnss_resolve.so for name resolution and *only* use the DNS stub
resolver via libnss_dns.so.
The reason is that libnss_resolve.so is non-standard, depends on more
moving parts (dbus+added NSS module), and consistently masks bugs in the
stub DNS resolver or its configuration that are only discovered when
someone tries to use software that does not use the NSS configuration of
the host (including, but not limited to, chroots; containers; software
written in languages that don't use libc).
Since systemd-resolved *must* continue to provide a robust stub DNS
resolver for the foreseeable future, having the dbus service in use /as
well/ is unwelcome complexity that causes bugs to manifest far from the
point of introduction.
Since the systemd-resolved service is currently only enabled if the
libnss-resolve package is installed, this enablement logic would need to
be migrated into the base systemd package.
I believe we should consider making this change even in SRU due to the
pernicious effects of the current behavior. However, that will require
some thought to come up with a reasonable SRU test case with low risk of
regression.
** Affects: systemd (Ubuntu)
Importance: High
Status: Triaged
** Changed in: systemd (Ubuntu)
Importance: Undecided => High
** Changed in: systemd (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1685045
Title:
stop using libnss_resolve.so for name resolution
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1685045/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
