[dns-operations] Client retry behaviour?
Shumon Huque
shuque at isc.upenn.edu
Wed May 9 19:58:59 UTC 2007
On Wed, May 09, 2007 at 04:07:52PM +0000, Paul Vixie wrote:
>
> most folks who care about this put a full resolver ("recursive nameserver")
> on 127.0.0.1 and wrap it in a restart script and let it handle their
> upstream parallelism for them. BIND9's "lwresd" was designed with this
> exact thing in mind.
To some extent, flavors of other caching resolver-like entities (which
still rely on a recursive resolver) already exist in end user operating
systems today, e.g. "lookupd" in Mac OS X and "nscd" on Solaris/Linux etc.

And speaking of funding the development of new features in resolver
code, here's a starters list to get a discussion going:

* DNSSEC validation in lwresd (related question: how can we get
  lwresd and bind9 resolver code/libraries configured by default
  in shipping non-Windows operating systems?)

* Support for channel security mechanisms like SIG(0) in the stub
  resolver, or lwresd. (Assuming it's too difficult to roll out
  full caching+validating resolvers to endstations.)

* Implementation of emerging DNSSEC validator APIs (like the
  SPARTA draft), to improve application-layer visibility of
  DNSSEC.

--Shumon.