| 1 |
On Mon, Jun 6, 2016 at 12:29 PM, James <wireless@×××××××××××.com> wrote: |
| 2 |
> |
| 3 |
> This is about the most scary idea I have every heard of in unix/linux, |
| 4 |
> in long time. |
| 5 |
> |
| 6 |
> I guess all of those conspiracy theories were correct:: |
| 7 |
> prepare to be assimilateD! |
| 8 |
> |
| 9 |
> |
| 10 |
> https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html |
| 11 |
> |
| 12 |
|
| 13 |
That's pretty old news. In any case, you certainly don't need to use |
| 14 |
systemd as your DNS resolver if you don't want to. |
| 15 |
|
| 16 |
Systemd also doesn't touch /etc/resolv.conf contrary to what that |
| 17 |
email states. It only touches /run/systemd/resolve/resolv.conf which |
| 18 |
does absolutely nothing on its own unless you choose to symlink |
| 19 |
/etc/resolv.conf to it. The obvious options using systemd and |
| 20 |
resolv.conf are: |
| 21 |
1. Don't use it at all - just put whatever you want in |
| 22 |
/etc/resolv.conf and it works like you'd expect it to. |
| 23 |
2. Have systemd-networkd populate /run/systemd/resolve/resolv.conf |
| 24 |
with whatever DNS servers were discovered using DHCP and then symlink |
| 25 |
that to /etc/resolv.conf so that your system uses it. This is |
| 26 |
basically the behavior you typically expect from the likes of dhcpcd |
| 27 |
and such but instead of tampering with a file in /etc it just messes |
| 28 |
with a transient file in /run. |
| 29 |
3. Run systemd-resolved as a caching forwarding-only DNS server and |
| 30 |
have that end up in /run/systemd/resolve/resolv.conf. I haven't |
| 31 |
really taken a serious look at the security implications of this. It |
| 32 |
is intended as a lightweight forwarding-only DNS server, and if it has |
| 33 |
any security flaws I'm sure they'll accept them as bugs. It is meant |
| 34 |
as a single-host solution - not as something you'd point your entire |
| 35 |
network at. It certainly isn't BIND. |
| 36 |
|
| 37 |
As with most systemd integrated solutions they tend to start out |
| 38 |
simple and evolve. |
| 39 |
|
| 40 |
The last time I checked systemd does not block you from installing the |
| 41 |
DNS server of your choosing, just as it doesn't block installing |
| 42 |
syslog, or cron, or a network manager, or even another service |
| 43 |
manager. You could use it as an oversized sysvinit if you wanted to |
| 44 |
(not that you would). How distros choose to use it is another matter. |
| 45 |
|
| 46 |
-- |
| 47 |
Rich |
Archives