On Mo, 28.09.20 11:06, Andrew Lutomirski (luto(a)mit.edu) wrote:
> Indeed, the problem you're trying to solve is hard.
> > systemd-resolved is not supposed to be a real DNS *server*. It's
> > supposed to be a good, combined client for the popular name resolution
> > protocols, and the fact that we also listen on a port 53 is mostly to
> > provide compat with local app code that doesn't go through glibc NSS
> > for its name resolution needs. If you expect a full blown DNS server
> > on port 53 then it's not what systemd-resolved is or strives to be.
> Then perhaps you should have a libsystemdresolvedclient and start
> convincing programs that want this behavior to use it.
Oh, we did. It's called "glibc NSS". It's pretty popular, but not
popular enough as name resolution API apparently... I doubt we could
ever be more successful than glibc with any C library I guess.
I figure we come from different generations though: C libraries are not
how you're gonna convince Java or Rust or Go people. In particular as this
is an IPC question anyway, not a language binding question.
We offer our APIs via four ways these days:
1. Via D-Bus
2. Via Varlink
3. Via NSS (through the nss-resolve module, which is ultimately just a
wrapper around the D-Bus/Varlink thing)
4. Via local DNS stub on 127.0.0.53
As it turns out the latter kinda works everywhere, it's hard to make a
case for everyone to not use it if it works for this stuff. It uses
DNS as local IPC. Which is pretty universal, and just works for almost
everyone.
Lennart
--
Lennart Poettering, Berlin