Re: Improvements in name resolution, DNS and HTTPS RR and SVCB future usage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Do, 17.10.24 18:11, Petr Menšík (pemensik@xxxxxxxxxx) wrote:

> > I certainly have answered the questions you raised for *myself*,
> > though I am pretty sure you are not going to like my answer: I think
> > the Varlink IPC APIs that systemd-resolved implements are the way to
> > go. There's work going on to add ALPN and stuff hooked into
> > systemd-resolved already. It provides simple SRV resolution APIs
> > already, asynchronously.
> >
> > Lennart
> >
> > --
> > Lennart Poettering, Berlin
>
> There is not anything wrong with Varlink IPC itself. There needs to be a
> decent encoding of every information shared back into the application. If
> DNS protocol should not be used for that, then there needs to be some other
> protocol to encode and decode that information. I want received information
> complex, at least (simple) possibility of it. That means the information
> transferred would not be simple anyway. It might need to be structured,
> possibly quite complex.As is HTTPS and SVCB record. Sure, SRV is relatively
> trivial in comparison. New records have arbitrary key-value parameters,
> which are future extensible.

resolved offers you "cooked" and "raw" interfaces. If you opt for the
"raw" interface you will get the data in DNS serialization (minus
label compression and such), in the IPC replies.

> I think the problem is Varlink needs a new protocol for the name resolution.
> I have seen only DBus API for systemd-resolved. It is fine for some things,
> not working for others. But Varlink is the new API, which you say is not
> necessary anymore. Network BSD sockets are still handled by applications
> themselves, often made easier with some toolkits on top. If people still
> need socket handles, then they need something like struct sockaddr address
> for it. Ideally with a way to get additional information with it. Like TTL,
> servername, priority or weight.

I cannot parse what you are writing here. Let me just say that D-Bus
is problematic for doing DNS resolution with because DNS is really
basic stuff that should work during earliest boot already. D-Bus is a
late boot concept and in fact assumes that certain other OS
functionality already works, such as user database resolution and
logging services, both of which in turn might require host name
resolution to already work. That makes D-Bus a poor choice as IPC for
doing host name resolution. Varlink being much simpler and not
requiring a broker always works, hence that's what we do.

> I think we could still use unix domain socket in some standard path and send
> queries from applications to local daemons over it. DNS protocol is
> compressed enough and binary already. I am not sure if translating DNS
> message into varlink structures will make it actually simpler to parse. It
> would require completely new code on side of applications. I would use
> simplified DNS protocol on local pipe for IPC. That is close enough to what
> some applications already implemented or have libraries for. Though we need
> to pass AF_UNSPEC address request in single query, not like separate A+AAAA
> requests arriving to cache service.

First of all, as mentioned "raw" RR lookups done via the Varlink IPC
interface encode the RR data in DNS serialization.

I think using the DNS protocol itself is highly problematic however,
because the protocol is just so complex these days with multiple
transports, and time-out/repeat behaviour that is just a complete mess
when applied to local IPC.

Dunno. Varlink is a trivial IPC. In systemd-resolved we support it
side-by-side with D-Bus. I have zero interest in adding a 3rd IPC
interface, hence whatever you come up with, expect us to be very cool
on the idea on adding more.

> The most important problem of existing system interface are blocking only
> calls. Every more complex program runs some kind of event loop, capable of
> handling multiple sockets and timeouts in a single thread. But that is not
> possible with API systems provide today. Modern programs are asynchronous
> for a good reason. I think providing them low-level building blocks still
> makes sense. They may be used inside higher level languages. I don't think
> DBus should be used, just because it has already existing integration to
> toolkits. It does not seem to be high-speed enough.

D-Bus might not be great for "high-speed", but uh, it's still a
a lot faster than a DNS lookup would require it. So, what can I
say. There are good reasons to avoid D-Bus for this (see above), but
"performance" really isn't it.

Lennart

--
Lennart Poettering, Berlin
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux