[knot-resolver-users] network configuration via systemd sockets - feedback?

Hi, I'd like to ask your opinion about knot-resolver's systemd integration - in particular, about the network configuration which is currently done via drop-in files for systemd sockets - kresd.socket, kresd-tls.socket, kresd-doh.socket and kresd-webmgmt.socket. [network-config-doc] Have you had any issues while trying to configure network interfaces for kresd? Do you find the benefits of socket activation worth the extra complexity of network configuration? (socket activation enables kresd to be executed under non-priviledged user and the process doesn't require any extra capabilities) All the newtork configuration could take place in kresd.conf via net.listen() [net-listen-exmaple] if we decided to drop the socket activation feature. However, this would require we start the service with the CAP_NET_BIND_SERVICE capability, which could be dropped once kresd binds to the ports. Any feedback is welcome! [network-config-doc] - https://knot-resolver.readthedocs.io/en/stable/daemon.html#network-configur… [net-listen-exmaple] - https://knot-resolver.readthedocs.io/en/stable/daemon.html#c.net.listen -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869