Rahul Sundaram writes:
Hi On Mon, Nov 17, 2014 at 5:09 PM, Chris Adams wrote: Why did the systemd project add this to the scope of the project for "a system and service manager for Linux"?This was something that could have been easily asked to systemd developers rather than the long rant that was posted. In any case,
Right. Like "systemd developers" have such an established track record of listening to feedback from the community, and the DNS cache was implemented only pursuant to an open, lengthy discussion on the merits and disadvantages of it.
<URL:https://lwn.net/Articles/621201/>https://lwn.net/Articles/621201/
Er… I don't think so.The scenario outlined there would be a valid argument for a simple DNS proxy, and nothing more. I could see this being a perfectly reasonable, and prudent, argument for a simple DNS proxy, that all containers get pointed to, and which forwards the DNS queries to whatever the current outside DNS server the host is configured for, at the moment.
That makes perfect sense. A cobbled-together DNS cache, on the other hand, makes no sense, whatsoever. Reports of a compromised container poisoning the systemd DNS cache, and uses that to attack other containers on the same systems, in 3… 2… 1…
This is really nothing more than a NIH syndrome. Really, that's all this is.
Attachment:
pgpE3FGmk4ueL.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
