[dns-operations] Best practices for Linux/UNIX stub resolver failover
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Apr 22 19:26:46 UTC 2014
On Tue, Apr 22, 2014 at 03:04:27PM -0400,
 Chuck Anderson <cra at WPI.EDU> wrote
 a message of 51 lines which said:

> Because the failover behavior in libc is atrocious--each new or
> existing process has to re-do the failover after timing out, and
> even long-running processes have to call res_init() to re-read
> resolv.conf.

I agree with you. It is not usable in practice.

    options timeout:1

in /etc/resolv.conf helps a bit (just a bit)

> It seems that the only sensible way to run a datacenter (or a network
> full of Linux workstations for that matter) is to either:

I agree also.

> We need an independent, system-wide DNS cache, and always point
> resolv.conf to 127.0.0.1 to solve this fundamental design
> problem with how name resolution works on a Linux system.
> Windows has had a default system-wide DNS cache for over a
> decade. It is about time that Linux catches up."

I agree and, by the way, this is also necessary to do DNSSEC
validation in the right place (on the user's machine).
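
Added example (not part of the message above, and not code from any project): a Python check that parses resolv.conf text and reports the two settings the thread discusses, the `timeout` option and whether the first nameserver is a local cache on a loopback address. The function name, report keys and both sample files are constructed for illustration; the defaults and limits are those documented in resolv.conf(5).

```python
import ipaddress

# Defaults and caps documented in resolv.conf(5) for the glibc stub resolver.
MAXNS, DEFAULT_TIMEOUT, MAX_TIMEOUT = 3, 5, 30

# Constructed sample files (documentation-range addresses, not real servers).
REMOTE_ONLY = "# site resolvers\nnameserver 192.0.2.53\nnameserver 198.51.100.53\n"
LOCAL_CACHE = "nameserver 127.0.0.1\noptions timeout:1\n"

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                      # unparsable address: treat as remote
        return False

def audit_resolv_conf(text):
    """Return failover-relevant settings and findings for resolv.conf text."""
    servers, timeout = [], DEFAULT_TIMEOUT
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or raw[0] in "#;":    # blank line or first-column comment
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    timeout = min(int(value), MAX_TIMEOUT)
    servers = servers[:MAXNS]               # entries past MAXNS are ignored
    # With no nameserver line the resolver uses the local machine.
    local = not servers or is_loopback(servers[0])
    findings = []
    if not local:
        findings.append("first nameserver is remote: no system-wide local cache")
        if len(servers) > 1:
            findings.append(
                f"if {servers[0]} is down, a lookup waits {timeout}s "
                "before the next server is tried")
    return {"nameservers": servers, "timeout": timeout,
            "local_cache": local, "findings": findings}

if __name__ == "__main__":
    for name, text in (("remote only", REMOTE_ONLY), ("local cache", LOCAL_CACHE)):
        print(name, audit_resolv_conf(text))
```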