On Dec 21, 2022, at 05:39, Petr Menšík <pemen...@redhat.com> wrote:

>> This happens before the "dns" entry, so before unbound is used. So for
>> apps on localhost this should work fine? It is always read (and not
>> cached)
> That is not strictly true. Some software may use DNS explicitly via
> specialized libraries, like libresolv, ldns, libunbound, etc.

Like libunbound, they can offer that functionality.

> dig and host tools are the best examples.

The host command was obsoleted before the ifconfig command was obsoleted. The dig command is a DNS-specific tool.

> I am more inspired by dnsmasq, which I maintain also. But both of those are
> able to watch /etc/hosts and auto-load its entries into the local DNS cache.

You mean not just to “cache” for local host but to serve for the network? For that I would use unbound-control to feed it.

> I think it might be useful in some cases to have very simple way to add
> address override for some names on whole machine. I use it sometimes to
> create common records for virtual machines or containers running on my
> machine.

You can drop these in /etc/unbound.d/?

> Sure, it should be possible to disable this behavior. An unbound module or
> plugin might be a way.

Instead of using your command to add the entry to /etc/hosts, wrap it in an unbound command to either inject in the running daemon or put it in the .d directory if you want it to persist. You could reload/restart unbound on each change if you are just serving the local machine?

>> I guess I feel /etc/hosts is there only for localhost apps in case of
>> broken DNS. The days you could leave something out of DNS by putting in
>> the /etc/hosts file are kinda long gone.
> Is that true? Can you give an example, why it is so? Isn't it the argument
> for adding /etc/hosts to the DNS then?

I think it’s a reason to stop using /etc/hosts.

For Fedora, I ensured you could configure local data in a persistent way using the .d directory. People putting thousands of entries in /etc/hosts for anti-spam and ad blocking is also not the best and fully supported using the .d directly with unbound.

> I just would like ability to provide a way both dnsmasq and systemd-resolved
> have. Yes, I know it is possible to use unbound-control to add local zone and
> local data into it. But that is too complicated for ordinary user IMO.

Then I guess write a systemd ExecStartPost= option for unbound to loop over /etc/hosts and run unbound-control for the user? I would approve such a change for the Fedora package.

> It is not persistent. sudoedit /etc/hosts is simple enough even for (a bit)
> advanced user. Should be relatively simple to implement also. It should not
> break anything if enabled by default on workstations.

I think this would be covered by the above change.

Paul
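A sketch of the ExecStartPost= helper suggested in the message above, as an added example that is not part of the original post or of the Fedora package. The function name hosts_to_local_data and the sample entries are hypothetical; its output is in the RR form that `unbound-control local_datas` reads from stdin.

```shell
#!/bin/sh
# Added example: turn hosts(5) lines on stdin into local-data RRs, one per
# name, suitable for piping into `unbound-control local_datas`.
# hosts_to_local_data is a hypothetical helper name.
hosts_to_local_data() {
    # Strip comments; run the loop in a subshell with globbing off so a
    # stray '*' in the file is never expanded against the filesystem.
    sed 's/#.*//' | (
        set -f
        while read -r addr names; do
            [ -n "$addr" ] && [ -n "$names" ] || continue
            case "$addr" in
                *[!0-9A-Fa-f:.]*) continue ;;  # zone ids (fe80::1%eth0), junk
                *:*) type=AAAA ;;
                *.*) type=A ;;
                *)   continue ;;
            esac
            for name in $names; do
                # Accept only plain hostname characters; anything else
                # must not end up on the resolver's control channel.
                case "$name" in
                    *[!A-Za-z0-9._-]*) continue ;;
                esac
                printf '%s. %s %s\n' "${name%.}" "$type" "$addr"
            done
        done
    )
}

# Constructed sample input (documentation address ranges), not a real file.
hosts_to_local_data <<'EOF'
# constructed sample
192.0.2.10    vm1.test vm1      # container host
2001:db8::10  vm1.test
fe80::1%eth0  linklocal.test
EOF

# Intended use from the unit file (assumption, not run here):
#   hosts_to_local_data < /etc/hosts | unbound-control local_datas
```

Entries loaded this way live only in the running daemon, so the helper has to run again after each restart or edit of /etc/hosts.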