[dns-operations] Best practices for Linux/UNIX stub resolver failover

Chuck Anderson cra at WPI.EDU
Tue Apr 22 19:56:03 UTC 2014

On Tue, Apr 22, 2014 at 12:46:59PM -0700, David Conrad wrote:
> On Apr 22, 2014, at 12:26 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> >>    We need an independent, system-wide DNS cache, and always point
> >>    resolv.conf to to solve this fundamental design
> >>    problem with how name resolution works on a Linux system.
> >>    Windows has had a default system-wide DNS cache for over a
> >>    decade.  It is about time that Linux catches up."
> > 
> > I agree and, by the way, this is also necessary to do DNSSEC
> > validation in the right place (on the user's machine).
> +1
> In my view, the benefits of a local cache vastly outweigh the costs.  The only downside is it can be a real PITA if you travel and have to rely on #)@)@# broken middleboxes to authenticate to networks. DNS-over-HTTPS: it seems like it's as inevitable as the heat death of the universe (and about as desirable)...

dnssec-trigger + unbound handles the hotspot case.

More information about the dns-operations mailing list