[dns-operations] NSCD for Linux/UNIX stub resolver failover?

Chuck Aurora chucka at isc.org
Wed Apr 23 18:08:25 UTC 2014


On 04/23/2014 11:10 AM, Chuck Anderson wrote:
> On Tue, Apr 22, 2014 at 11:27:02PM -0400, Robert Edmonds wrote:
>> Chuck Anderson wrote:
>>> 2. Use a local DNS daemon on every server with forwarders configured
>>>    to the network's nameservers, and fix resolv.conf to 127.0.0.1.

IIUC from the resolver documentation, no resolv.conf is the same as one
which contains only "nameserver 127.0.0.1".

>> I'll shamelessly admit that I do this on all my Debian systems,
>> where "apt-get install unbound resolvconf" results in exactly
>> that configuration.

I'm biased[1] perhaps, but I run named with a very simple named.conf to
accomplish the same, and my dhclient is set up not to overwrite my
resolv.conf file. (I am speaking here of my work laptop, which goes with
me everywhere.)

Actually named with an empty named.conf will act as a caching resolver for
"localnets"[2]. I've heard how "easy" unbound is, and I don't doubt it's
a good piece of software, but how can it be easier than "echo >
/etc/named.conf ; named"?

Yes, sometimes a hotspot will hijack DNS; in that case I either stay
with my cellular ISP or "echo nameserver 8.8.4.4 > /etc/resolv.conf"
(and grumble loudly.)

> Has anyone had good experiences with using NSCD to solve the DNS
> failover problem?

I'm not a fan of nscd because as best as I can tell from its manual,
nscd does not understand DNS TTL values. On a system where most nsswitch
lookups are file-based, I don't see a lot of value in having those cached.

DNS is an exception; caching is almost always a Good Idea. But why not
use real DNS software to do that? And I'm not entirely biased[1],
because I've also used dnsmasq in that role. (With dnsmasq's new DNSSEC
support it's increasingly a good choice for such tasks.)


[1] Sure, I have a vested interest in BIND, but for the record, I liked
    BIND long before I applied for this job. :)
[2] "localnets", the built-in acl for all directly-connected networks
-- 
    Chuck Aurora : ISC Software Support : chucka at isc.org
    Internet Systems Consortium, Inc.
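
The setup discussed in this message (a local caching daemon, with resolv.conf either absent or pointing only at 127.0.0.1) can be checked on a host with a small audit like the one below. This is an added example, not part of the original message. It assumes the glibc stub resolver's behaviour of using at most three nameserver entries and defaulting to the local machine when none are listed; the sample file contents are constructed.

```python
import ipaddress

MAXNS = 3  # assumption: glibc's stub resolver honours at most three entries


def effective_nameservers(resolv_conf_text):
    """Return the servers the stub resolver would query for this file text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Keywords must start the line; '#' and ';' lines are comments.
        if not line.startswith("nameserver"):
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    # No nameserver entries (or no file at all) means the local machine.
    return servers[:MAXNS] if servers else ["127.0.0.1"]


def non_loopback(servers):
    """Return the entries that would send queries past the local daemon."""
    bypass = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop zone id
        except ValueError:
            bypass.append(server)  # unparsable entry: report it
            continue
        if not addr.is_loopback:
            bypass.append(server)
    return bypass


def audit(resolv_conf_text):
    """Summarise whether all lookups go through the local caching daemon."""
    servers = effective_nameservers(resolv_conf_text)
    bypass = non_loopback(servers)
    return {"servers": servers, "local_only": not bypass, "bypass": bypass}


# Constructed sample inputs.
MISSING = ""                                   # no resolv.conf at all
LOCAL = "nameserver 127.0.0.1\n"
OVERWRITTEN = ("# constructed: rewritten by a DHCP client\n"
               "search example.net\n"
               "nameserver 192.0.2.53\n"
               "nameserver 127.0.0.1\n")

if __name__ == "__main__":
    for name, text in (("missing", MISSING), ("local", LOCAL),
                       ("overwritten", OVERWRITTEN)):
        print(name, audit(text))
```

Run against the real file with `audit(open("/etc/resolv.conf").read())`; a non-empty `bypass` list means something has replaced or supplemented the loopback entry.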



