[dns-operations] Best practices for Linux/UNIX stub resolver failover

David Conrad david.conrad at gmail.com
Tue Apr 22 19:46:59 UTC 2014

On Apr 22, 2014, at 12:26 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>>    We need an independent, system-wide DNS cache, and always point
>>    resolv.conf to to solve this fundamental design
>>    problem with how name resolution works on a Linux system.
>>    Windows has had a default system-wide DNS cache for over a
>>    decade.  It is about time that Linux catches up."
> I agree and, by the way, this is also necessary to do DNSSEC
> validation in the right place (on the user's machine).


In my view, the benefits of a local cache vastly outweigh the costs.  The only downside is it can be a real PITA if you travel and have to rely on #)@)@# broken middleboxes to authenticate to networks. DNS-over-HTTPS: it seems like it's as inevitable as the heat death of the universe (and about as desirable)...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140422/43661e25/attachment.sig>

More information about the dns-operations mailing list