| 16 Jun 2025 |
 emily | path of least resistance and most functionality is to let resolved be the API frontend for your underlying recursive resolver, for better or worse | 04:23:53 |
 hexa | hell no | 04:24:07 |
| hexa | resolved does not perform at all | 04:24:13 |
| emily | part of the problem is that getaddrinfo(3)/gethostbyname(3) are useless APIs that are even more anaemic than other OS's native DNS APIs | 04:24:58 |
| hexa | we have systems at work that will put resolved at 100% cpu with queries and it will not keep up | 04:25:14 |
| emily | so tons of applications have to reimplement their own DNS to begin with | 04:25:15 |
| emily | lovely | 04:25:25 |
| hexa | it's such a joke | 04:25:26 |
| emily | are you sure that's not because of DNSSEC? | 04:25:29 |
| emily | it tries to do DNSSEC validation OOTB | 04:25:34 |
| emily | if you disable that and let your local resolver handle it I would be surprised if it has much overhead | 04:25:45 |
| hexa | yes, I'm sure that we didn't try to make it do DNSSEC related things 🙂 | 04:25:50 |
| emily | like I said, OOTB | 04:25:57 |
| emily | you have to explicitly disable it | 04:26:01 |
| hexa | again | 04:26:04 |
| hexa | no offense | 04:26:07 |
| hexa | I've been in the resolved dnssec issues years ago | 04:26:21 |
| hexa | I' | 04:26:28 |
| hexa | * I've killed dnssec support locally before it hit nixpkgs | 04:26:37 |
| hexa | because it wouldn't properly work and break resolution needlessly | 04:26:53 |
| emily | the old DNSSEC issues are pretty depressing yeah | 04:27:15 |
| hexa | systemd sometimes does to much and the developers are spread to thin | 04:27:19 |
| emily | I think they have mostly been fixed by now but systemd upstream attitude to bug reports is depressing | 04:27:29 |
| hexa | so resolved was built and remained broken for years | 04:27:33 |
| emily | yeah I've also followed it | 04:27:45 |
| emily | it doesn't seem like great software | 04:27:50 |
| hexa | I like resolved for its DoT capability | 04:28:13 |
| emily | a good modern API for DNS for the Linux platform is something that we do need though, which is why I expect the NSS/D-Bus parts of it to be used increasingly | 04:28:18 |
| emily | for better or worse | 04:28:24 |
| hexa | and for its per interface dns resolution | 04:28:30 |
