systemd-resolved made the web browsing experience really bad. Web pages in the browser took a few seconds to even show up (blank page for a few seconds). The only modification I made was using DNS-over-TLS servers from NextDNS. Everything else I did as advised in the Arch wiki. The pages took a good few seconds to load.
Then I switched to Knot Resolver while still using NextDNS/DNS-over-TLS. Guess what?! The page loading is quite satisfactory!
I made this post because I thought that, since systemd-resolved is included by default, it should be quite good, so why needlessly bloat the system by installing a third-party DNS resolver?! Guess what, the assumption might not always be right.
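The resolver setup the post above describes (Knot Resolver forwarding every query over DNS-over-TLS to NextDNS), written out as an added example; this is not the poster's own configuration. The `PROFILE_ID` placeholder in the hostname and the two upstream addresses are assumptions: take the exact hostname and addresses from your own NextDNS setup page, because the hostname is what the TLS certificate is checked against.

```lua
-- Added example kresd.conf for Knot Resolver 5.x: forward all queries over
-- DNS-over-TLS to NextDNS. Not the original poster's file; adapt before use.

-- Listen on loopback only, so the resolver is not reachable from the LAN.
net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('::1', 53, { kind = 'dns' })

-- ASSUMPTION: PROFILE_ID must be replaced with the profile ID shown in the
-- NextDNS dashboard, and the addresses must match the ones NextDNS lists
-- for that profile. The hostname is validated against the server certificate
-- using the system CA store, so a mismatch makes kresd refuse the upstream
-- rather than fall back to plaintext DNS.
local nextdns = {
  { '45.90.28.0', hostname = 'PROFILE_ID.dns.nextdns.io' },
  { '45.90.30.0', hostname = 'PROFILE_ID.dns.nextdns.io' },
}

-- policy.all() matches every query; TLS_FORWARD sends them over port 853
-- with TLS and keeps the connection open, which avoids a new TLS handshake
-- per lookup once the resolver has warmed up.
policy.add(policy.all(policy.TLS_FORWARD(nextdns)))

-- A larger cache means fewer upstream round trips for repeated names,
-- which is where most of the perceived page-load latency comes from.
cache.size = 100 * MB
```

After restarting kresd, point /etc/resolv.conf (or systemd-resolved's DNS= setting) at 127.0.0.1 and confirm that the only outbound DNS traffic from the host goes to the NextDNS addresses on TCP port 853; if anything still leaves on UDP port 53, some other component is bypassing the resolver.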
People always like to say “Whatever happened to the UNIX philosophy?”, like in that Reddit thread… but Linux never followed the Unix philosophy because it isn't Unix.
You don't have to like systemd, and there are perfectly valid reasons people don't, but this guy literally got death threats over systemd.
People continue to harass him and threaten his life to this day. There are reasons people don't like it; you can find a lot of info as to why around the net. Some is good, some is FUD, and some is basically conspiracy.
Death threats aside (which is nuts, if true… oh, those Linux nerds)
It's quite simple why people seek to use different systems:
Smaller, less BLOATED programs are much simpler to maintain and audit.
Therefore they are much more secure by definition.
What boggles me is why nobody has made a less bloated, better coded drop-in replacement with the same syntax as systemd… that would solve a lot of trouble.
It would take a good chunk of effort, and the majority of the Linux community doesn't really care. If someone can and has the time/desire to do so and makes it a compelling option, I don't see anyone really arguing against it.
The community that doesn't know better, sure, but a lot of developers and security-oriented people care a lot, which is an actual driving force… Sure, it would take an effort, but that's something very well worth it, rather than fixing the many problems caused by soystemd across pretty much all distributions…
I'd love to see something like that, kinda like PulseAudio / PipeWire; unfortunately I personally lack the experience for such serious programming.
My ISP/government messes with DNS, so I need secure DNS like DNS-over-TLS or DNS-over-HTTPS, which is not possible on my router. Also, I would like ad blocking, which, incidentally, is what I like NextDNS for.
Now I'm also more on the Unix side of things of “do one thing, but do it well”, but:
for certain things it does make sense if the individual components mesh together nicely.
Look at the kernel. A monolithic monster (well, yes, there are “kernel modules”, but still it's pretty much just one big, extremely bloated thing).
Most likely it is very well coded and nobody wants to reinvent the slightly rounder wheel.
Are you using your ISP router, or maybe one you could install OpenWrt on? If you have an old PC you can put a second NIC in, you could run pfSense/OPNsense and have a much more powerful solution.
Thanks. Both of the alternatives look very interesting but are not possible for me (the router is too basic, although not provided by the ISP, and I do not have a second system).
If you can get your hands on a Raspberry Pi (or something similar), set up Pi-hole and set that in your router's DHCP settings as the DNS server.
That way you can do network-wide, host-based DNS blocking and use a DNS-over-TLS upstream DNS server.