type |
---|
task |
Shared DNS Server
Consider a shared dnsmasq (or maybe embedded CoreDNS) instance across all the daemon's networks.
This would have a few benefits:
- Fewer processes, fewer problems
- Less configuration for the user in the case of more than one network.
- Can listen on 127.0.0.x:53, rather than on the nebula address. This allows DNS to come up before nebula, which is helpful when nebula depends on DNS.
This would break an existing use-case where a host is using the DNS server of a remote host, as the DNS server would no longer be available on the nebula address. The primary need for this at the moment is mobile, where there is not a real app yet. Once there is a real app this won't be necessary.
In the meantime this could be worked around by allowing the daemon to configure which IP/ports the server listens on (which it would want to do anyway, I imagine). The user can configure the DNS server to listen on the nebula address manually.
This solution has the downside of potentially allowing cross-network DNS queries, which might be a big enough security issue to be worth working around even in the initial implementation of this.
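
The cross-network concern above, as an added sketch that is not the project's own code: it contrasts a merged lookup table with one that scopes each answer to the network owning the listen address the query arrived on. The network names, zones, addresses, and the one-listener-set-per-network layout are all constructed assumptions.

```python
# Added illustration: names, addresses and zone suffixes are constructed.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Network:
    name: str
    zone: str                      # DNS suffix served for this network
    cidr: ipaddress.IPv4Network    # nebula address range of the network
    listen: set                    # addresses the shared server binds for it
    hosts: dict = field(default_factory=dict)  # fqdn -> nebula IP

NETWORKS = [
    Network("home", "home.example.", ipaddress.ip_network("10.10.0.0/16"),
            {"127.0.0.2", "10.10.0.1"}, {"nas.home.example.": "10.10.0.5"}),
    Network("work", "work.example.", ipaddress.ip_network("10.20.0.0/16"),
            {"127.0.0.3"}, {"git.work.example.": "10.20.0.9"}),
]

def resolve_shared(qname):
    """Naive shared server: one merged table, any listener answers any zone."""
    for net in NETWORKS:
        if qname in net.hosts:
            return net.hosts[qname]
    return None

def resolve_scoped(listener, client, qname):
    """Answer only from the network that owns the listener the query hit."""
    net = next((n for n in NETWORKS if listener in n.listen), None)
    if net is None:
        return None  # query arrived on an address no network owns
    src = ipaddress.ip_address(client)
    # Loopback clients are the local host; remote clients must be in the CIDR.
    if not (src.is_loopback or src in net.cidr):
        return None
    if not qname.endswith("." + net.zone):
        return None  # name belongs to another network's zone
    return net.hosts.get(qname)
```

Scoping by listener only separates remote peers; any local process can still query every 127.0.0.x listener on the host.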