[dns-operations] Client retry behavour?

Shumon Huque shuque at isc.upenn.edu
Wed May 9 19:58:59 UTC 2007

On Wed, May 09, 2007 at 04:07:52PM +0000, Paul Vixie wrote:
> most folks who care about this put a full resolver ("recursive nameserver")
> on and wrap it in a restart script and let it handle their
> upstream parallelism for them.  BIND9's "lwresd" was designed with this
> exact thing in mind.

To some extent, flavors of other caching resolver-like entities (which 
still rely on a recursive resolver) already exist in end user operating 
systems today, eg. "lookupd" in Mac OS X and "nscd" on Solaris/Linux etc. 

And speaking of funding the development of new features in resolver 
code, here's a starters list to get a discussion going:

* DNSSEC validation in lwresd (related question: how can we get
  lwresd and bind9 resolver code/libraries configured by default 
  in shipping non-windows operating systems?)

* Support for channel security mechanisms like SIG(0) in the stub
  resolver, or lwresd. (Assuming it's too difficult to roll out
  full caching+validating resolvers to endstations.)

* Implementation of emerging DNSSEC validator APIs (like the 
  SPARTA draft), to improve application-layer visibility of


More information about the dns-operations mailing list