andi- has quit [Ping timeout: 244 seconds]
andi- has joined #nixos-systemd
<Mic92> pbb: compiling it with leak sanitizer, might be a good idea: https://clang.llvm.org/docs/LeakSanitizer.html
<Mic92> todo so one needs to override stdenv with llvmStdenv and pass -fsanitize=address as compile option and ASAN_OPTIONS=detect_leaks=1 as environment variabl
<andi-> IIRC GCC also supports that these days
<andi-> I've been using that for a bunch of local C-"scripts"
<Mic92> Not sure if it also supports the leak detector though
<Mic92> I am testing systemd-resolved new dns over tls: https://github.com/Mic92/dotfiles/commit/a61a2abb420a2bb6e713371621eee849951fc7dd
<Mic92> DNS over tls is not new, but hostname-based certificates are.
<Mic92> One thing I noticed at some point that it would degrade itself to UDP also I set `DNSOverTLS=yes`. This is not so great.
<andi-> Yeah, I wish that thing would be in a better shape. I fear upstream is just not as invested in DNS as in i.e. service management. Looking at how little networkd contributions (and review "knowledge") in the domain they have :'(
<andi-> Once I am done with systemd-networkd and IPv6 PD I wanted to investigate resolved since I hate to keep it calling systemd-hobby-resolved due to all the issues I do encounter when trying to use it.
<Mic92> I might be able to debug this downgrade issue.
<andi-> have you played with OpenBSD's unwind? The system integration there felt actually really on point
<hexa-> from my experience with resolved it can downgrade itself into nothingness, especially if features like DoT or DNSSEC are used
<hexa-> I wouldn't use that thing on anything production grade
<Mic92> andi-: mhm. unwind also seems to fallback to dhcp-acquired resolvers. I don't need that I can use captive-browser to solve wifi portoals
<Mic92> *portals
<Mic92> I am also not sure about the semantics when network is not reachable. Right now applications believe the domain not exists if local resolver fail
<Mic92> I am actually not concerned about dnssec as my own kresd on my server already does dnssec
<arianvp> Fedora CoreOS is using Networkmanager
<arianvp> Instead of networkd and resolved
<arianvp> I guess for similar reasons? Not stable enough yet
globin has quit [Remote host closed the connection]
globin has joined #nixos-systemd
hmpffff has joined #nixos-systemd
hmpffff has quit [Quit: nchrrrr…]
globin has joined #nixos-systemd
globin has quit [Changing host]