[dns-operations] Best practices for Linux/UNIX stub resolver failover

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Apr 22 19:26:46 UTC 2014

On Tue, Apr 22, 2014 at 03:04:27PM -0400,
 Chuck Anderson <cra at WPI.EDU> wrote 
 a message of 51 lines which said:

> Because the failover behavior in libc is atrocious--each new or
> existing process has to re-do the failover after timing out, and
> even long-running processes have to call res_init() to re-read
> resolv.conf.

I agree with you. It is not usable in practice.

options timeout:1
in /etc/resolv.conf helps a bit (just a bit)

> It seems that the only sensible way to run a datacenter (or a network
> full of Linux workstations for that matter) is to either:

I agree also.

>     We need an independent, system-wide DNS cache, and always point
>     resolv.conf to to solve this fundamental design
>     problem with how name resolution works on a Linux system.
>     Windows has had a default system-wide DNS cache for over a
>     decade.  It is about time that Linux catches up."

I agree and, by the way, this is also necessary to do DNSSEC
validation in the right place (on the user's machine).

More information about the dns-operations mailing list