Hi,

I had a discussion with some of our people involved in systemd development. They would like some decision about the RHEL 10 DNS subsystem. Of course they would like to have systemd-resolved, similar to Fedora or Ubuntu.

I, on the other hand, would like to have something properly following RFCs and standards. I think unbound is the closest match. It has good runtime reconfiguration support. It even knows how to do DNS over TLS and can switch to it at runtime. But it is missing:

- integration with NM manager configuring split-DNS domains properly. Similar to dns=dnsmasq configuration in NetworkManager.conf.
- ability to pass example.corp. names validation, if they exist on forwarders provided by local network. Or any private TLD, such as .home or .lan. Could be solved by disabling dnssec validation by default, just like systemd-resolved.
- missing d-bus API to allow VPNs forwarders configuration and split-DNS zones definition
- no mDNS or LLMNR support
- no custom NSS plugin (I think this is unimportant)
- no d-bus API offering asynchronous resolution to applications (not sure how much this is used)

I would like something not blocking DNSSEC records by default.

Do you think it is worth working on the missing items? Would you recommend installing unbound on all desktop installations by default? Why yes? Why not? Do you see any blocker I haven't mentioned?

Any feedback would be welcomed!

Cheers,
Petr

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB