Hi,
There is currently a large thread in devel discussing the
implementation of systemd-resolved for resolving DNS. As part of that
I read this:
> > This is not the reality I live in though. New-style high level
> > programming languages tend to avoid being just a wrapper around C
> > APIs. And thus they implement minimal DNS clients themselves,
> > ignoring the LLMNR, mDNS and so on.
>
> Not just for DNS. For SMTP, HTTP, etc.
>
> The modern way of coding apps is a minimal, marginally compliant and
> secure built-in network client (so things sort of work on the dev
> system and in CI/CD unit tests), with the OS interposing a
> full-featured protocol proxy in “production” deployments.
For me, the implication of that is that I am no longer in control of
DNS, etc. If some program has hard-coded DNS servers, it bypasses
everything and just ignores system settings. Am I understanding
correctly?
If I'm not, great, I'm happy. If I am, though, how do I take back
control? I have turned off NetworkManager control of DNS and use a
simple caching resolver, knot-resolver. Am I OK, since all DNS access
has to go through that resolver, with my configured DNS servers?
In particular, I'm thinking about Firefox, since as part of that thread
it emerged that browsers are including their own DNS clients with
things like DoH and DoT. Before I start knot-resolver, Firefox cannot
reach the web. Is that an indication that it does, in fact, use my
DNS resolver?
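[Editor's added example, not part of the original message or of Firefox's own code.] The question at the end can be answered from the profile rather than inferred from the symptom: Firefox records its DNS-over-HTTPS setting in prefs.js (or user.js) as network.trr.mode, and the value says whether ordinary lookups reach the resolver in /etc/resolv.conf at all. The script below parses such a file and reports that, using Firefox's real network.trr.* pref names and mode numbers; the sample prefs.js is constructed, example.net stands in for a DoH endpoint, and ~/.mozilla/firefox/*/prefs.js is the usual Linux profile location. It also encodes the caveat that makes the "cannot reach the web before knot-resolver starts" observation inconclusive: in the DoH-first (2) and DoH-only (3) modes Firefox still needs one native lookup to resolve the DoH server's hostname unless an IP is pinned in network.trr.bootstrapAddr (older builds spelled it bootstrapAddress), so the browser can fail without a local resolver even when none of its normal queries go through it.

```python
"""Added example (not from the thread, nor Firefox's own code): read the
DNS-over-HTTPS (TRR, "Trusted Recursive Resolver") settings from a Firefox
prefs.js / user.js and report what they mean for the resolver configured in
/etc/resolv.conf. The network.trr.* pref names and mode numbers are Firefox's;
the sample file below is constructed for this example."""
import glob
import os
import re

# user_pref("name", value);   value is an int, true/false, or a "quoted string"
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

TRR_MODES = {
    0: "off (default): every lookup goes to the OS resolver",
    1: "reserved (old 'race' mode): behaves as off",
    2: "DoH first, OS resolver only as fallback",
    3: "DoH only: ordinary lookups never reach the OS resolver",
    5: "off by explicit user choice (DoH rollout heuristics disabled)",
}


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue                      # comments, blanks, anything else
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw         # keep unexpected syntax verbatim
    return prefs


def trr_summary(prefs):
    """Say which lookups still use the system resolver under these prefs."""
    mode = prefs.get("network.trr.mode", 0)          # absent => Firefox default
    # Both spellings of the bootstrap pref have been used across versions.
    bootstrap = prefs.get("network.trr.bootstrapAddr") or prefs.get(
        "network.trr.bootstrapAddress")
    if mode in (0, 1, 5):
        lookups = "all"
    elif mode == 2:
        lookups = "fallback only"
    elif mode == 3:
        lookups = "none"
    else:
        lookups = "unknown"
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "unrecognised mode"),
        "doh_uri": prefs.get("network.trr.uri", ""),
        "system_resolver_for_lookups": lookups,
        # The DoH server's own hostname is resolved natively unless an IP is
        # pinned, so even DoH-first/DoH-only Firefox needs the OS resolver once.
        "system_resolver_for_doh_bootstrap": mode in (2, 3) and not bootstrap,
    }


def failure_without_system_resolver_is_expected(prefs):
    """True: Firefox cannot browse while the local resolver is down, so that
    symptom proves nothing about where its normal queries go.  False: DoH
    alone would carry it, so a failure must have another cause.  None: mode
    not recognised."""
    s = trr_summary(prefs)
    if s["system_resolver_for_lookups"] == "all":
        return True
    if s["mode"] in (2, 3):
        return bool(s["system_resolver_for_doh_bootstrap"])
    return None


# Constructed sample prefs.js (not a real profile): DoH-first, no pinned IP.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
// DO NOT EDIT THIS FILE.
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1600000000);
user_pref("browser.startup.homepage_override.mstone", "78.0");
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://example.net/dns-query");
"""

if __name__ == "__main__":
    print("constructed sample:", trr_summary(parse_prefs(SAMPLE_PREFS_JS)))
    # Real profiles on Linux; each profile directory has its own prefs.js.
    for path in glob.glob(os.path.expanduser("~/.mozilla/firefox/*/prefs.js")):
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, trr_summary(parse_prefs(fh.read())))
```

Run it against a real profile and a mode of 0 or 5 means Firefox is using knot-resolver for everything; 2 or 3 means it is not, regardless of whether the browser happens to break when the local resolver is stopped. Close Firefox first if you want prefs.js to reflect the current about:config state, since it is rewritten on exit.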