Post B0NV0uCdFC8MFcvSgi by pid_eins@mastodon.social
(DIR) Post #B0NV0WKbzsFyDQTUnI by pid_eins@mastodon.social
2025-11-18T09:55:14Z
0 likes, 1 repeats
It's that time again! The systemd v259 release is coming closer. Let's restart the "what's new" series of posts for this iteration! Hence:

1️⃣ Here's the 1st post highlighting key new features of the upcoming v259 release of systemd. #systemd259

For many use cases it's quite useful if local services can register additional hostnames for local resolution. For example, container and VM managers might want to register the IPs of locally running containers or VMs via a hostname, so that you can…
(DIR) Post #B0NV0c22noy9tZpkga by pid_eins@mastodon.social
2025-11-18T09:57:56Z
0 likes, 0 repeats
…access them by name rather than by address.

With v259 we are making this easy: there's now a "hook" interface in systemd-resolved: any privileged local daemon may bind an AF_UNIX socket in /run/systemd/resolve.hook/, and implement a simple Varlink IPC interface on it. If they do so, systemd-resolved will query it for every single local name resolution request, and they can answer positively, negatively, or let the resolution request be processed by the usual DNS based logic.
(DIR) Post #B0NV0i6AFPpWi5o7wO by pid_eins@mastodon.social
2025-11-18T10:00:03Z
0 likes, 0 repeats
If multiple hook services are in place, they are always queried in parallel, to reduce latencies (but if multiple return positively the service with the alphabetically first socket path wins). In systemd there are now two services which bind sockets there by default:

First of all systemd-machined makes all local containers/VMs that registered their IP addresses with it resolvable.

Secondly, systemd-networkd makes all hosts resolvable for which its internal DHCP server handed out leases.
(DIR) Post #B0NV0oIRChDFvtb0u8 by pid_eins@mastodon.social
2025-11-18T10:02:16Z
0 likes, 0 repeats
You might wonder: how does this relate to nss-mymachines? That NSS plugin did something very similar to the systemd-machined logic implemented now, however, it has one problem: it operates strictly and exclusively on the NSS level, but many programs nowadays bypass that and talk DNS directly with the configured servers. Since systemd-resolved registers itself as local DNS server in /etc/resolv.conf it means the new hook logic works for all types of lookups, regardless if they come via NSS, …
(DIR) Post #B0NV0uCdFC8MFcvSgi by pid_eins@mastodon.social
2025-11-18T10:04:53Z
0 likes, 0 repeats
…, D-Bus, Varlink or the local DNS stub. I think in the longer run we should deprecate nss-mymachines.

You might also wonder: sending every single lookup to all hooks might be quite expensive! As it turns out, the Varlink protocol spoken on the hook services is a bit smarter: it allows the hook service to install a filter on the requests it wants: restrict the hook to certain domains, or limits on the number of labels in the lookup.

Note that this API is public, i.e. any service can register…
(DIR) Post #B0NV0zyJnKFW8yH7D6 by pid_eins@mastodon.social
2025-11-18T10:05:17Z
0 likes, 0 repeats
…names this way, not just systemd-machined and systemd-networkd.

And that's it for the first episode.
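
A defender-side check for the hook directory described in the posts above, as an added example that is not part of the original thread or of systemd: it lists what is bound in /run/systemd/resolve.hook/ in alphabetical (tie-break) order and flags entries that are not sockets or not owned by a trusted uid. Treating uid 0 as "privileged" and using Python's string sort as the ordering are assumptions of this example.

```python
import os
import stat

HOOK_DIR = "/run/systemd/resolve.hook"  # directory named in the posts


def audit_hook_dir(hook_dir=HOOK_DIR, trusted_uids=(0,)):
    """List hook entries in precedence order with ownership/mode concerns.

    trusted_uids is this example's assumption of what "privileged" means.
    """
    try:
        dir_st = os.stat(hook_dir)
    except FileNotFoundError:
        return []  # no hook directory, e.g. a systemd without this feature

    dir_issues = []
    if dir_st.st_uid not in trusted_uids:
        dir_issues.append(f"directory owned by uid {dir_st.st_uid}")
    if dir_st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        dir_issues.append("directory writable by group/other")

    report = []
    # Sorted by name: when several hooks answer positively, the
    # alphabetically first socket path wins (sort order is approximated).
    for rank, name in enumerate(sorted(os.listdir(hook_dir)), start=1):
        path = os.path.join(hook_dir, name)
        st = os.lstat(path)  # lstat: report symlinks, do not follow them
        issues = list(dir_issues)
        if not stat.S_ISSOCK(st.st_mode):
            issues.append("not an AF_UNIX socket")
        if st.st_uid not in trusted_uids:
            issues.append(f"owned by uid {st.st_uid}")
        report.append({"rank": rank, "path": path, "uid": st.st_uid,
                       "mode": oct(stat.S_IMODE(st.st_mode)),
                       "issues": issues})
    return report


if __name__ == "__main__":
    for entry in audit_hook_dir():
        flag = "; ".join(entry["issues"]) or "ok"
        print(f'{entry["rank"]:>2} {entry["path"]} uid={entry["uid"]} '
              f'mode={entry["mode"]} {flag}')
```

An entry that appears at rank 1 and is not one of the services you expect is worth a closer look, since it takes precedence over every other hook that answers the same name.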
(DIR) Post #B0P1EJ3lWrKqndAkka by arianvp@functional.cafe
2025-11-19T10:50:30Z
1 likes, 0 repeats
@alina @pid_eins I thought about it for a night and it doesn't solve it. Can still be that nss_systemd itself is ABI incompatible with a program that you load with older glibc :(