<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 11/17/2014 06:54 PM, Rahul Sundaram
wrote:<br>
</div>
<blockquote
cite="mid:CAHc5q3c6HQeN=RYeLnVo-Ki83HWLCnmVKivMGVvQKdno-n97pg@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra">Hi<br>
<br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On Mon, Nov 17, 2014 at 5:09 PM,
Chris Adams<span dir="ltr"></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"><span class=""><br>
</span> Why did the systemd<br>
project add this to the scope of the project for "a system
and service<br>
manager for Linux"? </blockquote>
<div><br>
</div>
<div>This was something that could have been easily asked to
systemd developers rather than the long rant that was
posted. In any case,<br>
<br>
<a moz-do-not-send="true"
href="https://lwn.net/Articles/621201/">https://lwn.net/Articles/621201/</a><br>
<br>
</div>
<div>Also CoreOS sponsored development of a lot of network
stack. You can refer to their guides on how they are
using it.<br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
"already from the basic design resolved is very different from
unbound. resolved keeps a seperate "scope" for the DNS servers on
each interface. A "scope" is a resolver state machine plus a cache.
That way, we can neatly separate VPN DNS servers from internet DNS
servers, and merge them transparently. That means that with resolved
in the mix for the first time you don't lose access to your LAN's
DNS names, fully automatically, without any manual hacks. Also, as
interfaces come and go their caches do too with this scheme, hence
all the cache flushing complexity of dnssec-trigger doesn't exist at
all. Then, because we actually implement LLMNR and DNS int he same
stack (as well as mDNS very soon), we can transparently merge those
protocols too."<br>
<br>
For those of us that deal with VPNs, we know how hard split horizon
is, and actually how important it is for good performance. It is
almost a shame it took until now for someone to address DNS by
Interface. Actually it coincides with work in IETF on such matters.<br>
<br>
<br>
</body>
</html>