Rahul Sundaram writes:
Hi
On Mon, Nov 17, 2014 at 5:09 PM, Chris Adams wrote:
Why did the systemd
project add this to the scope of the project for "a system and service
manager for Linux"?
This was something that could have been easily asked to systemd developers
rather than the long rant that was posted. In any case,
Right. Like "systemd developers" have such an established track record of
listening to feedback from the community, and the DNS cache was implemented
only pursuant to an open, lengthy discussion on the merits and disadvantages
of it.
Er… I don't think so.
The scenario outlined there would be a valid argument for a simple DNS
proxy, and nothing more. I could see this being a perfectly reasonable, and
prudent, argument for a simple DNS proxy, that all containers get pointed
to, and which forwards the DNS queries to whatever the current outside DNS
server the host is configured for, at the moment.
That makes perfect sense. A cobbled-together DNS cache, on the other hand,
makes no sense, whatsoever. Reports of a compromised container poisoning the
systemd DNS cache, and using that to attack other containers on the same
systems, in 3… 2… 1…
This is really nothing more than a NIH syndrome. Really, that's all this is.