Hi, There is currently a large thread in devel discussing the implementation of systemd-resolved for resolving DNS. As part of that I read this: > > This is not the reality I live in though. New-style high level > > programming languages tend to avoid being just a wrapper around C > > APIs. And thus they implement minimal DNS clients themselves, > > ignoring the LLMNR, mDNS and so on. > > Not just for DNS. For SMTP, HTTP, etc. > > The modern way of coding apps is minimal marginally-compliant and > secure built-in network client (so things sort of work on the dev > system and in CI/CD unit tests), with the OS interposing a > full-featured protocol proxy in “production” deployments. For me, the implication of that is that I am no longer in control of DNS, etc. If some program has hard coded DNS servers, they bypass everything and just ignore system settings. Am I understanding correctly? If I'm not, great, I'm happy. If I am, though, how do I take back control? I have turned off NetworkManager control of DNS and use a simple caching resolver, knot-resolver. Am I OK, since all DNS access has to go through that resolver, with my configured DNS servers? In particular, I'm thinking about firefox, since as part of that thread it emerged that browsers are including their own DNS clients with things like DOH and DOT. Before I start knot-resolver, firefox cannot reach the web. Is that an indication that it does, in fact, use my DNS resolver? _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx