| 18 Jun 2025 |
 Alyssa Ross | In reply to @alina:kescher.at
can someone please give me some feedback for how to deal with unbound's broken upstream?
https://github.com/NixOS/nixpkgs/pull/417917 Contacting them is best. Looking at what other distros that try to stay up to date (like Fedora) do can also be helpful. You can find links to other distros' package builds using Repology. | 17:51:15 |
| Alyssa Ross | Have you checked whether unbound HEAD still needs this old version? | 17:52:07 |
| Alyssa Ross | Sometimes we can just backport a change that makes it compatible with new versions. | 17:52:30 |
 @alina:kescher.at | i assume so, since that feature was only introduced in 1.22.0 while we are now at 1.23.0 | 18:22:17 |
| @alina:kescher.at | but i'm having a hard time making sense of that huge autoconfigure mess | 18:22:36 |
| @alina:kescher.at | this is so fun, though i'm still a bit scared of messing up regarding social conventions around contributing to open source projects | 18:37:50 |
 hexa | I think it is a super reasonable use case to use a full-blown resolver locally, so I'm opposed to removing them from the default resolver list | 18:48:08 |
| hexa | and colocating resolved with one of these should make some noise, because I don't believe people set those up together intentionally. | 18:49:40 |
| 19 Jun 2025 |
 emily | right, I am just not sure if services.foo.enable is the place to make the decision about the local resolver, since there are reasons you could want to run unbound or whatever without using it as the local resolver. (and indeed services.unbound.resolveLocalQueries is its own separate toggle albeit on by default)
but I think that if we want to keep that behaviour, then the modules should set networking.resolvconf.enable = mkDefault true; in addition to the current networking.resolvconf.useLocalResolver = mkDefault true;, and then we should ensure that there's an explicit conflict between networking.resolvconf.enable and services.resolved.enable. then you still have an escape hatch but they explicitly express that they expect to be used with resolvconf and we'd get a proper conflict error without the weirdness of looking at networking.resolvconf.useLocalResolver even when the module is turning itself off.
(TBH, I find the !(config.environment.etc ? "resolv.conf") default for networking.resolvconf.enable questionable in general, it's a bit magical/implicit for my tastes.)
(FWIW I don't think that having systemd-resolved front a local resolver is that weird or bad though, so it seems like it would also be fine to lift it to networking.useLocalResolver and add support to the resolved module. like I grant that systemd-resolved is not necessarily great software, but I don't think "run a local recursive resolver, but I do also want mDNS domains to work and my normal-DNS resolver doesn't handle that" is that weird a use case – that kind of thing is why systemd-resolved runs a stub listener at all. I agree that we don't want situations where people expect systemd-resolved to be disabled but it isn't, though)
| 10:29:11 |
| emily | the question is just whether the recursive resolver modules are expressing the preference "by default, this should be the default resolver for the system" or "if you're using resolvconf, this should be the default resolver for the system" | 10:29:55 |
| emily | * the question is just whether the recursive resolver modules are expressing the preference "by default, this should be the default resolver for the system, configured by resolvconf" or "if you're using resolvconf, this should be the default resolver for the system" | 10:30:12 |
| emily | currently by omitting networking.resolvconf.enable they're expressing the latter, which might not be a thing that makes sense to express and led to your surprise | 10:30:33 |
|  lgcl (she/they) changed their display name from lgcl (they/them) to lgcl (she/they). | 18:08:53 |
 Zhaofeng Li |
I am just not sure if services.foo.enable is the place to make the decision about the local resolver, since there are reasons you could want to run unbound or whatever without using it as the local resolver
Same energy as caddy trying to install the self-signed CA into the local trust store by default if it's enabled - I was surprised and a bit annoyed by the behavior
| 19:16:07 |
|  @louis2747:matrix.org left the room. | 23:21:06 |
| 20 Jun 2025 |
|  skorpy (she/her) changed their display name from skorpy 🏳️⚧️ to skorpy (she/her or none) 🏳️⚧️. | 14:19:09 |
|  debugloop joined the room. | 17:30:42 |
| @alina:kescher.at changed their display name from alina, dognitohazard 🏳️⚧️🐾 to alina, moved to @alina:catgirl.cloud. | 18:14:59 |
|  alina arielle amelie🏳️⚧️🐾 joined the room. | 18:49:57 |
| @alina:kescher.at left the room. | 18:50:05 |
| alina arielle amelie🏳️⚧️🐾 set a profile picture. | 18:58:06 |
|  @genericnerdyusername:matrix.org left the room. | 23:30:40 |
| 21 Jun 2025 |
 K900 | Anyone know a tool that I can point at a DNS server and just blast a lot of requests to it and see where it fails? | 08:33:26 |
| hexa | K900: like dnstracer? | 10:10:07 |
| hexa | ❯ dnstracer -s . 0upti.me
Tracing to 0upti.me[a] via A.ROOT-SERVERS.NET, maximum of 3 retries
A.ROOT-SERVERS.NET [.] (2001:0503:ba3e:0000:0000:0000:0002:0030)
|\___ b2.nic.me [me] (2001:0500:004f:0000:0000:0000:0000:0001)
| |\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) Got authoritative answer
| |\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) Got authoritative answer
| |\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) Got authoritative answer
| |\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) Got authoritative answer
| |\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) Got authoritative answer
| |\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) Got authoritative answer
| \___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) Got authoritative answer
| \___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) Got authoritative answer
| \___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) Got authoritative answer
| \___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) Got authoritative answer
| \___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) Got authoritative answer
| \___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) Got authoritative answer
|\___ b2.nic.me [me] (199.249.127.1)
| |\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
|\___ a2.nic.me [me] (2001:0500:0047:0000:0000:0000:0000:0001)
| |\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
|\___ a2.nic.me [me] (199.249.119.1)
| |\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
|\___ c0.nic.me [me] (2001:0500:0055:0000:0000:0000:0000:0001)
| |\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
|\___ c0.nic.me [me] (199.253.61.1)
| |\___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
|\___ a0.nic.me [me] (2001:0500:0053:0000:0000:0000:0000:0001)
| |\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
|\___ a0.nic.me [me] (199.253.59.1)
| |\___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
| |\___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
| \___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
|\___ b0.nic.me [me] (2001:0500:0054:0000:0000:0000:0000:0001)
| |\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
| |\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
| \___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
\___ b0.nic.me [me] (199.253.60.1)
|\___ karl.ns.cloudflare.com [0upti.me] (108.162.193.190) (cached)
|\___ karl.ns.cloudflare.com [0upti.me] (173.245.59.190) (cached)
|\___ karl.ns.cloudflare.com [0upti.me] (172.64.33.190) (cached)
|\___ karl.ns.cloudflare.com [0upti.me] (2606:4700:0058:0000:0000:0000:adf5:3bbe) (cached)
|\___ karl.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c1be) (cached)
|\___ karl.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:21be) (cached)
\___ janet.ns.cloudflare.com [0upti.me] (108.162.192.169) (cached)
\___ janet.ns.cloudflare.com [0upti.me] (172.64.32.169) (cached)
\___ janet.ns.cloudflare.com [0upti.me] (173.245.58.169) (cached)
\___ janet.ns.cloudflare.com [0upti.me] (2606:4700:0050:0000:0000:0000:adf5:3aa9) (cached)
\___ janet.ns.cloudflare.com [0upti.me] (2a06:98c1:0050:0000:0000:0000:ac40:20a9) (cached)
\___ janet.ns.cloudflare.com [0upti.me] (2803:f800:0050:0000:0000:0000:6ca2:c0a9) (cached)
| 10:10:44 |
| K900 | No, I need like a load test | 12:35:51 |
 magic_rb | Id like that too | 12:37:58 |
 antifuchs | I feel like powerdns had a load test tool, but it’s probably easier to script something like that yourself since you’ll need some sort of distributed load simulation for a degree of realism | 14:18:38 |
| antifuchs | (Say, using locust) | 14:19:21 |
| K900 | I don't need it to be realistic | 14:20:09 |
