Hi,
we are eagerly waiting for more feedback, do not hesitate to reply to
the mailing list or to one of the team members using a private channel.
Up until now we have determined that socket activation
a) is causing confusion among users,
b) prevents gradual service restarts after network configuration changes,
c) is slow at high QPS (probably for reasons related to locking inside
socket kernel code).
Tentatively, we plan to remove socket activation in one of the future
versions, but a specific date or release version has not been set yet.
Petr Špaček @ CZ.NIC
On 05. 06. 19 17:46, Tomas Krizek wrote:
Hi,
I'd like to ask your opinion about knot-resolver's systemd integration -
in particular, about the network configuration which is currently done
via drop-in files for systemd sockets - kresd.socket, kresd-tls.socket,
kresd-doh.socket and kresd-webmgmt.socket. [network-config-doc]
Have you had any issues while trying to configure network interfaces for
kresd?
Do you find the benefits of socket activation worth the extra complexity
of network configuration? (socket activation enables kresd to be
executed under a non-privileged user and the process doesn't require any
extra capabilities)
All the network configuration could take place in kresd.conf via
net.listen() [net-listen-exmaple] if we decided to drop the socket
activation feature. However, this would require we start the service
with the CAP_NET_BIND_SERVICE capability, which could be dropped once
kresd binds to the ports.
Any feedback is welcome!
[network-config-doc] -
https://knot-resolver.readthedocs.io/en/stable/daemon.html#network-configur…
[net-listen-exmaple] -
https://knot-resolver.readthedocs.io/en/stable/daemon.html#c.net.listen