isle/tasks/soon/drafts/shared-dns.md

30 lines
1.2 KiB
Markdown
Raw Normal View History

---
type: task
---
# Shared DNS Server
Consider a shared dnsmasq (or maybe embedded CoreDNS) instance across all the
daemon's networks.
This would have a few benefits:
- Less processes, less problems
- Less configuration for the user in the case of more than one network.
- Can listen on 127.0.0.x:53, rather than on the nebula address. This
allows DNS to come up before nebula, which is helpful when nebula depends
on DNS.
This would break an existing use-case where a host is using the DNS server of a
remote host, as the DNS server would no longer be available on the nebula
address. The primary need for this at the moment is mobile, where there is not a
real app yet. Once there is a real app this won't be necessary.
In the meantime this could be worked-around by allowing the daemon to configure
which IP/ports the server listens on (which it would want to do anyway, I
imagine). The user can configure the DNS server to listen on the nebula address
manually.
This solution has the downside of potentially allowing cross-network DNS
queries, which might be a big enough security issue to be worth working around
even in the initial implementation of this.