On Wed, Feb 16, 2022 at 12:37 AM Suraj Krishnan <[email protected]> wrote:
> Hello,
>
> I’m reaching out to the community to gather feedback about a feature to
> broadcast a d-bus signal notification from systemd-resolved when a DNS
> query is completed. The message would contain information about the query
> and IP addresses received from the DNS server.
>

IMO, broadcasts that are visible to everyone on the system bus are *really not a good idea*, especially for multi-user systems. (Not a fan of `ipconfig.exe /displaydns` being open to non-admins, either.)

If such logging has to exist at all, it should only go to some specific destination. I'm kinda guessing you want this for situations where resolved uses DNS-over-TLS?

If audit logging is necessary, maybe it would be better to use the existing "audit framework" – systemd already links to libaudit for service start/stop operations (via audit_log_user_comm_message).

Not sure how or why domain resolution would be integrated with the firewall, though.

--
Mantas Mikulėnas
