Does no answer mean nobody would like unbound as a default DNS cache? Does systemd-resolved fulfill your needs?

On 5/16/22 12:25, Petr Menšík wrote:
> Hi,
>
> I had a discussion with some of our people involved in systemd development.
> They would like some decision about RHEL 10 DNS subsystem. Of course
> they would like to have systemd-resolved similar to Fedora or Ubuntu.
>
> I on the other hand would like to have something following properly RFC
> and standards. I think unbound is the closest match. It has good runtime
> reconfiguration support. It knows even how to do DNS over TLS and can
> switch to it at runtime.
>
> But it is missing:
>
> - integration with NM manager configuring split-DNS domains properly.
>   Similar to dns=dnsmasq configuration in NetworkManager.conf.
> - ability to pass example.corp. names validation, if they exist on
>   forwarders provided by local network. Or any private TLD, such as .home
>   or .lan. Could be solved by disabling DNSSEC validation by default, just
>   like systemd-resolved.
> - missing D-Bus API to allow VPNs forwarders configuration and split-DNS
>   zones definition
> - no mDNS or LLMNR support
> - no custom NSS plugin (I think this is unimportant)
> - no D-Bus API offering asynchronous resolution to application (not sure
>   how much this is used)
>
> I would like something not blocking DNSSEC records by default. Do you
> think it is worth working on missing items? Would you recommend to
> install unbound on all desktop installations by default? Why yes? Why
> not? Do you see any blocker I haven't mentioned?
>
> Any feedback would be welcomed!
>
> Cheers,
> Petr
>

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB