Skip to content

Commit

Permalink
chore(common): install libnss-resolve for better integration with r…
Browse files Browse the repository at this point in the history 
…esolved

This makes applications that use the glibc getaddrbyname and similar
APIs that fall back to glibc NSS talk directly to systemd-resolved
through Unix sockets instead of falling back to its stub DNS resolver
over UDP on the loopback interface, which is more efficient and
reliable, as no firewall rules can block such communication.
  • Loading branch information
@AlexTMjugador
AlexTMjugador committed Nov 18, 2024
1 parent ab096a8 commit 5b7af48
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions roles/common/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@
# Necessary for Ansible:
# https://docs.ansible.com/ansible-core/2.14/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
- acl
# Letting glibc NSS use systemd-resolved for DNS resolution is more robust and efficient,
# as otherwise a fallback to UDP DNS packets over the loopback interface is done
- libnss-resolve
install_recommends: false
update_cache: true

Expand Down

0 comments on commit 5b7af48

Please sign in to comment.