When systemd-resolvd was first released it was the biggest mistake ever to write a new recursive resolver instead of using unbound or dnsmasq. Also since DNS ".. wasn't broken, so it did not need fixing".
I wonder if unwind will be received with the same hostility.
It's not very much like systemd.
I'm of the opinion that using C and C++ for future major work where there's not good reasons forcing you to is more trouble than it's worth, but I wouldn't mind if it was all done with the care and attention the OpenBSD developers put into their projects.
I think that’s expected, and cool, given that C is a general purpose language and very flexible.
And also in general, I'm far less concerned about software released by a well-established security-minded team than I am about whatever Lennart wants to ship...
DNS software in general has left behind a trail of security vulnerabilities. The systemd team has also left behind a trail of security vulnerabilities. I don't want a team who isn't focused on security to replace something security critical when the existing software seemed fine enough.
On the other hand, the OpenBSD team consistently delivers on small, focused utilities, built with security in mind that usually reduce the scope of the utility to the minimum required.
OpenBSD also still includes Unbound (/usr/sbin/unbound) as the standard local recursive resolver, and NSD (/usr/sbin/nsd) as the standard authoritative server.
I think it is more accurate to say that the (supposed) problem with systemd's approach is actually tight coupling as opposed to a single repo.
OpenSSH, OpenSMTP, OpenBGPD, LibreSSL, Mandoc, the recent Unwind, etc, may all be in the same repo, but none depending on each other. Try taking systemd-resolved (or journald) and running it on its own.
If the various systemd "components" were actual components that could be swapped out for something else there would be fewer complains IMHO.
systemd-as-init-replacement is/was fine. systemd-as-kitchen-sink is where things went sideways.
One of my main gripes about resolved is the D-Bus interface. Lennart needs to remove his lips from that protocol's ass.
And replace it with what? I genuinely don't know anything that exists right now that could replace it. Linux and ecosystem have a lot of IPC primitives but very few usable systems: I know of dbus and ip.
This makes it very hard to tweak a system, and I would again bring up the logging issue. Systemd-journald stores files in binary format, which is a pain. I was working on something where I accidentally bricked the system (VM, thankfully) due to configuring some in-depth security stuff. I mounted the disk and tried to read off the log, but couldn't. It's also a pain to replace it, and non-systemd alternatives are becoming increasingly poorly supported.
Systemd wants to take over temporary files, journaling, and much, much more. Many of the implementations are imperfect. That's fine; I understand it's hard to get that much right. Which is why I wish they made it easier to replace systemd components or didn't use it.
The init itself (units etc.) is good, and I actually like it. I just wish they got that polished, then made another, separate project if they thought they could do another piece better.
I mean yes, you need something to parse the logs and turn them into human readable text, but the logs are perfectly readable.
journalctl --file /mnt/var/log/journal/`</mnt/etc/machine-id`/system.journal | my-favorite-log-reader
A lot, dare I say most, of the parts of systemd actually are optional or do nothing until you use them like systemd-machined.
A lot of the annoyance that some people have with the systemd crowd is that these kind of assumptions are made all over the place. The actual software is not bad (I really do prefer dealing with systemd units than writing shell scripts for each service) but it can be hard to get past.
I agree as well with the unit comment; they're great. But I just can't get past the plans for world domination.
"Don't be snarky."
"Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."
As far as I know, it is an explicitly stated goal of the systemd project to provide an integrated (compared to whatever each distribution assembled together to provide one) base system on top of the Linux kernel with the intent of making the best use of the features provided by the kernel.
It seems to me that Lennart looked at the tightly integrated base system + kernel approach of the BSDs and decided he wanted that for Linux too (in addition to whatever other influences he had), and then he made it happen.
systemd-resolved is a non-recursive resolver. so is dnsmasq.
This terminology is tricky, and the fact that toast0 incorrectly thinks that this is a "stub resolver" is indicative of how people get this stuff wildly wrong. A "stub resolver" is in fact the client that makes requests of the server that you are asking about.
I use terminology borrowed from HTTP when explaining this to people. A DNS server that listens on a local IP address and makes back-end queries to another DNS server is a proxy DNS server, and the fact that it hands off all of the grunt work (of stitching together the back-end partial answers to make the front-end complete answers) to another proxy DNS server makes it a forwarding proxy DNS server. If it didn't hand off the grunt work and did all of the query resolution itself, talking directly to content DNS servers, it would be a resolving proxy DNS server.
And the software that is in applications, that formulates requests and sends them over to a proxy DNS server, is a DNS client library.
184.108.40.206 is a resolving proxy.
Stub resolver: A resolver that cannot perform all resolution itself.
Stub resolvers generally depend on a recursive resolver to
undertake the actual resolution function. Stub resolvers are
discussed but never fully defined in Section 5.3.1 of [RFC1034].
They are fully defined in Section 220.127.116.11 of [RFC1123].
Systemd is not.