[systemd-devel] [RFC] systemd-resolved: Send d-bus signal after DNS resolution

Mantas Mikulėnas grawity at gmail.com
Wed Feb 16 17:53:56 UTC 2022


On Wed, Feb 16, 2022 at 12:37 AM Suraj Krishnan <surajkr at microsoft.com>
wrote:

> Hello,
>
> I’m reaching out to the community to gather feedback about a feature to
> broadcast a d-bus signal notification from systemd-resolved when a DNS
> query is completed. The message would contain information about the query
> and IP addresses received from the DNS server.
>

IMO, broadcasts that are visible to everyone on the system bus are *really
not a good idea*, especially for multi-user systems. (Not a fan of
`ipconfig.exe /displaydns` being open to non-admins, either.) If such
logging has to exist at all, it should only go to some specific destination.

I'm kinda guessing you want this for situations where resolved uses
DNS-over-TLS? If audit logging is necessary, maybe it would be better to
use the existing "audit framework" – systemd already links to libaudit for
service start/stop operations (via audit_log_user_comm_message).

Not sure how or why domain resolution would be integrated with the firewall,
though.

-- 
Mantas Mikulėnas