On 5/27/22 06:46, Tom Samplonius wrote:
> Well, nothing is stopping anyone from using unbound as a DNS cache today.
> It seems that the only issue is making it “default”, which requires hacking
> on the systemd-resolved subsystem. I’m a big systemd supporter, but systemd
> should remain a service management layer, not try to re-implement some sort
> of per-service generic API for every possible service. What is next? A
> systemd-twitter subsystem to manage my twitter access in a generic way? And
> then rewrite all applications to use d-bus to send API calls to the
> systemd-twitter subsystem, which then translates those calls to Twitter’s
> API? There is such a thing as too much abstraction.

Agreed. systemd as services management services is great. But implementation of every system part in systemd is very wrong. resolved, networkd, timesyncd. I don't understand why they put it all into a single project.

> I also find NetworkManager totally unsuitable for servers, and I generally
> delete it. Its use case is really for laptops, which I don’t care about.

NM is default also on recent RHELs, which target more servers than workstations. I think it is not so bad, it has its own advantages. I admit it is much better on laptops or workstations. But it is considered the best uniform interface to network configuration on RHEL. When you include vlans or more difficult configurations, alternatives seem to be too much scattered.

> And I don’t care about split DNS either. It isn’t a feature that I’d ever
> use, or recommend anyone else use. If you have to do split DNS, the
> capability already exists. No need to write a new abstraction to it.

I maintain bind9, unbound and dnsmasq on RHEL and Fedora. They all have ability to send queries for different names to different servers. But they all need very different configuration steps. While it is not a problem on server, where its configuration does not change often, it is different on mobile devices. I don't want to reconfigure my laptop, when I take it home from work or the other way around. Let alone using it in public transport or café.

I search for a way to obtain required information from network configuration and pass it to any capable service to configure it properly. I found a way to do that using openresolv, but that is quite clumsy. dnsmasq NM plugin is another way. It works with NM only, but that is the only supported option for us anyway. It already integrates with systemd-resolved. It could and should work with unbound. It could create include snippet for bind9, but I doubt that would be used often. knot-resolver or pdns-recursor might be better alternatives. But I am not sure how implementation independent it can be and still possible to implement.

But I would like not only NM managed VPN services to register its name subtree. Paul's libreswan is one example. What about openvpn and wireguard? Or some weird Cisco stuff I don't know many things about? Resolved can be configured via dbus, which is implementation independent enough. If resolved did not have so many bugs, it would be a nice way to have uniform way to configure it from different services. It aspires for it. But is not usable for me.

> Tom
>
>
>> On May 26, 2022, at 1:51 PM, Petr Menšík via Unbound-users
>> <unbound-users@lists.nlnetlabs.nl> wrote:
>>
>> Does no answer mean nobody would like unbound as a default DNS cache?
>> Does systemd-resolved fulfill your needs?
>>

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB