[dns-operations] Best practices for Linux/UNIX stub resolver failover
Chuck Anderson
cra at WPI.EDU
Tue Apr 22 19:56:03 UTC 2014
On Tue, Apr 22, 2014 at 12:46:59PM -0700, David Conrad wrote:
> On Apr 22, 2014, at 12:26 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> >> We need an independent, system-wide DNS cache, and always point
> >> resolv.conf to 127.0.0.1 to solve this fundamental design
> >> problem with how name resolution works on a Linux system.
> >> Windows has had a default system-wide DNS cache for over a
> >> decade. It is about time that Linux catches up."
> >
> > I agree and, by the way, this is also necessary to do DNSSEC
> > validation in the right place (on the user's machine).
>
> +1
>
> In my view, the benefits of a local cache vastly outweigh the costs. The only downside is it can be a real PITA if you travel and have to rely on #)@)@# broken middleboxes to authenticate to networks. DNS-over-HTTPS: it seems like it's as inevitable as the heat death of the universe (and about as desirable)...
dnssec-trigger + unbound handles the hotspot case.
More information about the dns-operations
mailing list