systemd-resolved - is it needed?

Issues related to applications and software problems and general support
Post Reply
User avatar
KernelOops
Posts: 206
Joined: 2013/12/18 15:04:03
Location: xfs file system

systemd-resolved - is it needed?

Post by KernelOops » 2020/02/10 20:00:32

While Fedora does come with systemd-resolved, its a disabled service by default.

So why does CentOS 8 have it enabled by default? Is it absolutely needed, or is it something we can safely disable?

Thank you.
--
I love my computer - all my friends live there.
--

lightman47
Posts: 1051
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: systemd-resolved - is it needed?

Post by lightman47 » 2020/02/10 21:01:12

{only for curiosity} - to what Fedora version do you refer? CentOS 8 was built on circa Fedora 29 I (perhaps incorrectly) think, and I am just trying to parse this out in my brain. <heh>
It would also be interesting to know the answer.

Thanks
Remember - importing/building packages will likely "byte you in the butt" come update time, long after you'd forgotten you did that! Use repos whenever possible.

User avatar
KernelOops
Posts: 206
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: systemd-resolved - is it needed?

Post by KernelOops » 2020/02/10 22:14:45

Both Fedora 30 and 31 have it disabled by default.
--
I love my computer - all my friends live there.
--

User avatar
jlehtone
Posts: 2534
Joined: 2007/12/11 08:17:33
Location: Finland

Re: systemd-resolved - is it needed?

Post by jlehtone » 2020/02/11 16:23:58

glibc as name resolver is limited. At least on servers you want something more robust.
systemd-resolved is one such attempt.

Code: Select all

man systemd-resolved.service
man nss-resolve
man NetworkManager.conf   # the 'dns' option
Yes, systemd-resolved.service is enabled in CentOS 8.

Alas, at least in my installs, the nsswitch.conf has:

Code: Select all

hosts:      files dns myhostname
In other words, if someone uses systemd-resolved, then they must use it via bus API and "regular apps" still depend on glibc (or whatever user prefers).

Plot thickens:
https://access.redhat.com/security/cve/cve-2019-15718
This issue does affect the versions of systemd as shipped with Red Hat Enterprise Linux 8, however the systemd-resolved service is not enabled by default
https://unix.stackexchange.com/question ... ns-queries
"Service runs in RHEL 8, but is not used"

Mixed signals.

User avatar
KernelOops
Posts: 206
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: systemd-resolved - is it needed?

Post by KernelOops » 2020/02/11 20:41:32

ok in other words, its something that we need to disable.

I'm off to update my ansible playbooks 8-)
--
I love my computer - all my friends live there.
--

Post Reply

Return to “CentOS 8 - General Support”