Latest systemd news

[Sam Varshavchik]

Rahul Sundaram writes:

> Hi
>
> On Mon, Nov 17, 2014 at 5:09 PM, Chris Adams wrote:
>
>      Why did the systemd
>    project add this to the scope of the project for "a system and service
>    manager for Linux"? 
>
>
>
> This was something that could have been easily asked to systemd developers  
> rather than the long rant that was posted.  In any case,

Right. Like "systemd developers" have such an established track record of  
listening to feedback from the community, and the DNS cache was implemented  
only pursuant to an open, lengthy discussion on the merits and disadvantages  
of it.

> <URL:https://lwn.net/Articles/621201/>https://lwn.net/Articles/621201/

Er… I don't think so.

The scenario outlined there would be a valid argument for a simple DNS  
proxy, and nothing more. I could see this being a perfectly reasonable, and  
prudent, argument for a simple DNS proxy, that all containers get pointed  
to, and which forwards the DNS queries to whatever the current outside DNS  
server the host is configured for, at the moment.

That makes perfect sense. A cobbled-together DNS cache, on the other hand,  
makes no sense, whatsoever. Reports of a compromised container poisoning the  
systemd DNS cache, and uses that to attack other containers on the same  
systems, in 3… 2… 1…

This is really nothing more than a NIH syndrome. Really, that's all this is.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20141117/83e42ac3/attachment.sig>