[dns-operations] Best practices for Linux/UNIX stub resolver failover
David Conrad
david.conrad at gmail.com
Tue Apr 22 19:46:59 UTC 2014
On Apr 22, 2014, at 12:26 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>> We need an independent, system-wide DNS cache, and always point
>> resolv.conf to 127.0.0.1 to solve this fundamental design
>> problem with how name resolution works on a Linux system.
>> Windows has had a default system-wide DNS cache for over a
>> decade. It is about time that Linux catches up."
>
> I agree and, by the way, this is also necessary to do DNSSEC
> validation in the right place (on the user's machine).
+1
In my view, the benefits of a local cache vastly outweigh the costs. The only downside is it can be a real PITA if you travel and have to rely on #)@)@# broken middleboxes to authenticate to networks. DNS-over-HTTPS: it seems like it's as inevitable as the heat death of the universe (and about as desirable)...
Regards,
-drc