unprivileged mode

[majestrate]

right now the way the daemon is structured in a monolithic fashion, one single executable which assumes it is running as a privileged process. this has made our lives difficult.

right now there are 2 components which most benefit from a split: packet io and name resolution.

right now packet i/o uses a tun interface and this has wide reaching limitations in what the core process can run on. name resolution also uses a privileged port which bring the same limitations as packet i/o.

additionally name resolution is provided via a stub resolver and thus pulls in libunbound which i deeply despise having as a dependency.

in general i want to remove the stub resolver from the codebase. this would mean speaking with something over D-BUS or some other kind of IPC which asks us to resolve a name, invalidate our cache and/or lets us push zone updates as we see fit.

for packet i/o i'd have the core process use a pipe to send and receive ip packets from a parent process who would do what they want with them.