systemd-resolved - is it needed?

[KernelOops]

While Fedora does come with systemd-resolved, its a disabled service by default.

So why does CentOS 8 have it enabled by default? Is it absolutely needed, or is it something we can safely disable?

Thank you.

[lightman47]

{only for curiosity} - to what Fedora version do you refer? CentOS 8 was built on circa Fedora 29 I (perhaps incorrectly) think, and I am just trying to parse this out in my brain. <heh>
It would also be interesting to know the answer.

Thanks

[KernelOops]

Both Fedora 30 and 31 have it disabled by default.

[jlehtone]

glibc as name resolver is limited. At least on servers you want something more robust.
systemd-resolved is one such attempt.

Code: Select all

man systemd-resolved.service
man nss-resolve
man NetworkManager.conf   # the 'dns' option

Yes, systemd-resolved.service is enabled in CentOS 8.

Alas, at least in my installs, the nsswitch.conf has:

Code: Select all

hosts:      files dns myhostname

In other words, if someone uses systemd-resolved, then they must use it via bus API and "regular apps" still depend on glibc (or whatever user prefers).

Plot thickens:
https://access.redhat.com/security/cve/cve-2019-15718

This issue does affect the versions of systemd as shipped with Red Hat Enterprise Linux 8, however the systemd-resolved service is not enabled by default

https://unix.stackexchange.com/question ... ns-queries
"Service runs in RHEL 8, but is not used"

Mixed signals.

[KernelOops]

ok in other words, its something that we need to disable.

I'm off to update my ansible playbooks