My issues with systemd-resolved

Last updated: December 2, 2019

It seems that systemd-resolved made it into Pop!OS 19.10, making it the first distro on which I ever made /etc/resolv.conf immutable after modifying it, with systemd-resolved being the reason... just... why...

So I went and looked around to find out what the purpose of systemd-resolved being a DNS stubby would be. It appears to replace the DNS cache that already exists in every Linux system... with a dedicated (sort of) DNS server running on 127.0.0.53. It's just a DNS cache that queries the "real" remote DNS server when it has no cached answer, and serves up to 4000 records (if memory serves me right) from its cache once they have been cached there. Because it appears as a "real" DNS server to the client applications interacting with it, they will always query the stubby instead.

Now in theory this is a great idea: the closer you can move your DNS to your machine, the better. In practice, however, this has already been by and large solved... at the DNS level anyway (I will not delve into those lovely JavaScript-fests that make up the modern web). Your local DNS will have sub-ms latency - if it hits the cache, that is. But chances are that systemd-resolved isn't your only cache, and that your other caches are proper DNS servers. One may be in your router; if your default DNS is on the same IP as your gateway, that's likely the case. Consider it a good router. Another cache would be your ISP's DNS servers. For privacy those aren't very good, and ISPs are known to tamper with them; I don't use my ISP's DNS servers either. But that's the purpose of those servers - providing a low-latency cache for all the users of that ISP.

So with 2 potential caches already in place, I fail to see the point of systemd-resolved as yet another one. Especially since it introduces its own set of problems. Imagine chrooting into a distribution that uses systemd-resolved and (of course) pushes it into /etc/resolv.conf. Inside your chroot systemd won't be PID 1, so it will fail to run there ("can't operate"), and with it so will systemd-resolved. And where does that leave the 127.0.0.53 in that chroot's /etc/resolv.conf? In an inherently dysfunctional state. Networking all gone.
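A pre-chroot check for exactly this failure mode, as an added example that is not part of the original post: it reads a resolv.conf and reports whether every nameserver is a loopback stub that is dead once systemd-resolved cannot run. The sample files and the 10.0.0.x LAN resolver addresses are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): detect a resolv.conf that relies
# entirely on a loopback stub such as systemd-resolved's 127.0.0.53, which is
# exactly the configuration that leaves a chroot without working DNS.

# Print the nameserver addresses listed in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed (exit 0) only if the file lists at least one nameserver and every
# one of them is a loopback address, i.e. resolution depends on a local daemon.
resolv_stub_only() {
    total=0
    loopback=0
    for ns in $(resolv_nameservers "$1"); do
        total=$((total + 1))
        case "$ns" in
            127.*|::1) loopback=$((loopback + 1)) ;;
        esac
    done
    [ "$total" -gt 0 ] && [ "$total" -eq "$loopback" ]
}

# Print a one-line verdict for a file. On a host running systemd-resolved the
# real upstream servers are listed in /run/systemd/resolve/resolv.conf, which
# is the file to copy into a chroot instead of the stub-pointing /etc/resolv.conf.
resolv_report() {
    if resolv_stub_only "$1"; then
        echo "$1: only loopback stub resolvers; unusable in a chroot without the stub daemon"
        return 1
    fi
    echo "$1: lists non-loopback resolvers: $(resolv_nameservers "$1" | tr '\n' ' ')"
}

# Constructed sample files: one as systemd-resolved writes it, one pointing at
# two LAN caching resolvers (constructed addresses) like those in the post.
make_samples() {
    dir=$(mktemp -d)
    printf 'nameserver 127.0.0.53\noptions edns0\nsearch lan\n' > "$dir/stub.conf"
    printf '# two LAN caches\nnameserver 10.0.0.2\nnameserver 10.0.0.3\n' > "$dir/lan.conf"
    echo "$dir"
}

# Usage: sh check-resolv.sh /etc/resolv.conf (before setting up a chroot).
if [ $# -gt 0 ]; then
    resolv_report "$1"
fi
```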

And the best part of it? I already have 2 local DNS servers that act as local authorities for some domain extensions (.lan and .vpn) and provide caching for everything else. They have a latency of around 0.160 ms, caused mostly by wiring length. They're already more than sufficient as DNS caches, and proper ones at that. systemd-resolved has no tangible benefit whatsoever compared to those. But it doesn't need to be that fancy: if your router provides a DNS cache of its own, you've got more or less the same thing.

Is there any reason for systemd-resolved to exist? Especially given the nonexistent "problems" it attempts to solve?