Bad experience with systemd-resolved

systemd-resolved made the web browsing experience really bad. Web pages in the browser took a few seconds to even show up (blank page for a few seconds). The only modification I made is using DNS-over-TLS servers from NextDNS. Everything else I did as advised in the Arch Wiki. The pages took a good few seconds to load.

Then I switched to Knot Resolver while still using NextDNS/DNS-over-TLS. Guess what?! The page loading is quite satisfactory!

I made this post because I thought since systemd-resolved is included by default it should be quite good, why needlessly bloat the system by installing a 3rd party DNS resolver?! Guess what, the assumption might not always be right.

in short:

1 Like

There are people that actually believe this

People always like to say “What ever happened to the UNIX philosophy?” like in that Reddit thread…but Linux never followed Unix philosophy because it isn't Unix.

You don't have to like systemd, and there are perfectly valid reasons people don't, but this guy literally got death threats over systemd

1 Like

LOL

Me after fully embracing systemd: Yes… Yes… Let the convenience and ease of use flow through…

1 Like

Yes, any sane developers for example…security experts :joy:

But there are a lot of people who like soystemd, h4xXx0rs for instance :rofl:

1 Like

Really?!

I don’t understand what anyone would gain from not using systemd. I am surprised distributions like this exist: Devuan, Artix Linux.

People continue to harass him and threaten his life to this day. There are reasons people don't like it, you can find a lot of info as to why around the net. Some is good, some is FUD, and some is basically conspiracy.

Death threats aside (which is nuts, if true…oh those Linux nerds :man_facepalming:)

It’s quite simple why people seek to use different systems:

  • Smaller less BLOATED programs are much simpler to maintain and audit
  • Therefore it’s much more secure by definition

What boggles me - why nobody has made a less bloated, better coded drop-in replacement with the same syntax as soystemd…that would solve a lot of trouble.

And here’s more in-depth of why it sucks :rofl:
https://suckless.org/sucks/systemd/

2 Likes

Actually a great idea!

1 Like

Would take a good chunk of effort, and the majority of the Linux community doesn't really care. If someone can and has the time/want to do so and makes it a compelling option, I don't see anyone really arguing it.

1 Like

Community who doesn’t know better - sure, but a lot of developers and security oriented people care a lot - which is an actual driving force…Sure it would take an effort, but that’s something very well worth it, rather than fixing many problems caused by soystemd across pretty much all distributions…

I’d love to see something like that, kinda like pulseaudio / pipewire, unfortunately personally I’m lacking experience for such serious programming.

On topic: I'm wondering, why not just do DNS resolving on your router? Why do it locally on your system?

My ISP/Government messes with DNS so I need a secure DNS like DNS-over-TLS or DNS over HTTPS, which is not possible on my router. Also, I would like ad blocking, which, incidentally, is what I like NextDNS for.

Sorry for offtopic:

I really don’t get why there is so much hatred vs. systemd.

The whole systemd ecosystem is actually quite modular.
It’s not that it’s just one big binary…

systemd-analyze                   systemd-creds                     systemd-escape                    systemd-inhibit                   systemd-path                      systemd-stdio-bridge              systemd-umount
systemd-ask-password              systemd-cryptenroll               systemd-firstboot                 systemd-machine-id-setup          systemd-repart                    systemd-sysext                    
systemd-cat                       systemd-delta                     systemd-gnome-ask-password-agent  systemd-mount                     systemd-resolve                   systemd-sysusers                  
systemd-cgls                      systemd-detect-virt               systemd-hwdb                      systemd-notify                    systemd-run                       systemd-tmpfiles                  
systemd-cgtop                     systemd-dissect                   systemd-id128                     systemd-nspawn                    systemd-socket-activate           systemd-tty-ask-password-agent    

Now I’m also more on the Unix side of things of “doing one thing, but do it well”, but:
For certain things, though, it does make sense if the individual components mesh together nicely.

Look at the kernel. A monolithic monster (well, yes there are “kernel modules”, but still it’s pretty much just one big, extremely bloated thing)

Most likely it is very well coded and nobody wants to re-invent the slightly rounder wheel. :man_shrugging:

4 Likes

Are you using your ISP router or maybe one you could install OpenWrt on? If you have an old PC you can put a second NIC in, you could run pfSense/OPNsense and have a much more powerful solution.

Just my 2 cents and the kinda thing I do :]

1 Like

That’s very well coded.
https://core.suckless.org/sinit/

Indeed…That’s unfortunate, can’t wait for GNU/Hurd…It will come soon, very soon! :rofl:

Thanks. Both of the alternatives look very interesting but are not possible for me. (router is too basic although not provided by ISP and I do not have a second system)

If you can get your hands on a raspi (or something similar), set up pihole and set that in your router DHCP settings as DNS server.
That way you can do network-wide, “host” based DNS blocking and use a DNS-over-TLS upstream DNS server.

2 Likes

VenomLinux

@anon79429890 ?

I am aware of this and also very interested in it. I might do something like this in the future.