Latest systemd news
mrsam at courier-mta.com
Tue Nov 18 02:35:04 UTC 2014
Rahul Sundaram writes:
> On Mon, Nov 17, 2014 at 5:09 PM, Chris Adams wrote:
> Why did the systemd
> project add this to the scope of the project for "a system and service
> manager for Linux"?
> This was something that could have been easily asked to systemd developers
> rather than the long rant that was posted. In any case,
Right. Like "systemd developers" have such an established track record of
listening to feedback from the community, and the DNS cache was implemented
only pursuant to an open, lengthy discussion on the merits and disadvantages
Er… I don't think so.
The scenario outlined there would be a valid argument for a simple DNS
proxy, and nothing more. I could see this being a perfectly reasonable, and
prudent, argument for a simple DNS proxy, that all containers get pointed
to, and which forwards the DNS queries to whatever the current outside DNS
server the host is configured for, at the moment.
That makes perfect sense. A cobbled-together DNS cache, on the other hand,
makes no sense, whatsoever. Reports of a compromised container poisoning the
systemd DNS cache, and uses that to attack other containers on the same
systems, in 3… 2… 1…
This is really nothing more than a NIH syndrome. Really, that's all this is.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the users