---
type: task
---

# Shared DNS Server

Consider a shared dnsmasq (or maybe embedded CoreDNS) instance across all the daemon's networks. This would have a few benefits:

- Less processes, less problems.
- Less configuration for the user in the case of more than one network.
- Can listen on 127.0.0.x:53, rather than on the nebula address. This allows DNS to come up before nebula, which is helpful when nebula depends on DNS.

This would break an existing use-case where a host is using the DNS server of a remote host, as the DNS server would no longer be available on the nebula address. The primary need for this at the moment is mobile, where there is not a real app yet. Once there is a real app this won't be necessary.

In the meantime this could be worked around by allowing the daemon to configure which IP/ports the server listens on (which it would want to do anyway, I imagine). The user can configure the DNS server to listen on the nebula address manually.

This solution has the downside of potentially allowing cross-network DNS queries, which might be a big enough security issue to be worth working around even in the initial implementation of this.
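
The cross-network concern above, modeled as an added example (not code from this project): a query arriving on one network's listener is answered from another network's records unless lookups are scoped to the listener that received it. The one-loopback-address-per-network layout, the zone names and the addresses are assumptions constructed for illustration.

```python
import struct

# Constructed sample data: one loopback listener per network (an assumption),
# each holding that network's private records.
ZONES = {
    "127.0.0.2": {"db.home.example.": "10.10.0.5"},
    "127.0.0.3": {"vault.work.example.": "10.20.0.9"},
}
NOERROR, REFUSED = 0, 5

def build_query(name, qid=0x1234):
    """Encode a single A/IN question in DNS wire format."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(msg):
    """Return (lower-cased qname, offset just past the question section)."""
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("compressed name in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode().lower())
        pos += 1 + n
    return ".".join(labels) + ".", pos + 5

def answer(msg, listen_addr, scoped):
    """scoped=False: shared server searches every network's records.
    scoped=True: only the zone bound to the listener that got the query."""
    qname, end = parse_qname(msg)
    if scoped:
        records = ZONES.get(listen_addr, {})
    else:
        records = {k: v for zone in ZONES.values() for k, v in zone.items()}
    ip = records.get(qname)
    flags = 0x8180 | (NOERROR if ip else REFUSED)
    header = msg[:2] + struct.pack("!HHHHH", flags, 1, 1 if ip else 0, 0, 0)
    body = msg[12:end]
    if ip:  # one A record, name compressed back to the question at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return header + body

def decode(resp):
    """Return (rcode, answer IP or None) from a response built above."""
    ancount = struct.unpack("!H", resp[6:8])[0]
    return resp[3] & 0x0F, ".".join(map(str, resp[-4:])) if ancount else None
```

With `scoped=False` a client on the first network's listener resolves the second network's private name; with `scoped=True` the same query is refused there and still answered on its own listener.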