Re: ssh infested by systemd.resolved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Apr 24, 2022 at 12:00:50PM -0500, Michael Hennebry wrote:
> On Sat, 23 Apr 2022, Samuel Sieb wrote:
> 
> > The benefits have been well explained.  The problem is that some people
> > really don't like change even if it's for the better.  And sometimes
> > things do break when changed and instead of finding out why it breaks
> > and how to fix, they just say how terrible the new software is and that
> > it should never have been used.
> 
> Nyet.
> OP was not complaining about change.
> OP was complaining about his inability to change his system.
> OP did discover the reason.
> OP discovered the reason was systemd code
> apparently designed to frustrate just that change.
> OP's complaint was not about systemd generally,
> 'twas about a single rather awful policy decision.
> 
> What would a systemd evangelist suggest as a minimal workaround?

I suggest the OP misunderstood the setup or intended setup. 

The scriptlets will set /etc/resolv.conf to point to the
systemd-resolved resolver if: 

* The /etc/resolv.conf file doesn't exist yet
AND
* systemd is being used to boot (so, it's not a container, etc)
AND
* systemd-resolved service is enabled
AND
* DNSStubListener is not set to no/false/off in systemd/resolved.conf

So, if you wish to have systemd-resolved not manage your dns, you can: 
* make a /etc/resolv.conf file and put whatever you want in it. 
* disable the systemd-resolved service
* Set DNSStubListener to no/false/off in systemd/resolved.conf

There's no reason you can't disable this if you like (barring bugs which
there have been some of definitely). 

That said, there's lots of advantages to systemd-resolved... it allows
you to split dns based on interface (ie, vpn requests can go to a server
on the vpn instead of to all nameservers in the public interfaces), you
can override lots of other things on a per interface basis, you can
manage the dns cache easily, you can enable/disable/set dnssec prefs,
etc. 

kevin

Attachment: signature.asc
Description: PGP signature

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux