[dns-operations] On-board resolvers (was Re: NANOG threat on government-ordered DNS poisoning and DNSSEC.)
Jared Mauch
jared at puck.nether.net
Fri Nov 13 14:50:08 UTC 2015
> On Nov 13, 2015, at 9:32 AM, Frank Sweetser <fs at wpi.edu> wrote:
>
>
> On 11/13/2015 09:22 AM, Mark Jeftovic wrote:
>>
>>
>> On 2015-11-13 4:55 AM, Roland Dobbins wrote:
>>>
>>> <http://mailman.nanog.org/pipermail/nanog/2015-November/082310.html>
>>>
>>
>> From time to time I wonder why there has not been an impetus toward
>> on-board DNS resolvers: on the device, on the desktop, on the computer,
>> everything running its own resolver. Especially on devices that move
>> around a lot (like laptops).
>>
>> These could be made to be pretty lightweight. Smaller footprint than,
>> say, Angry Birds.
>>
>> Then you don't need to worry about the ISP (or the hotel's crappy
>> NXDOMAIN redirection, MX-intercepting) resolvers, you run your own
>> on-board and if the ISP/crappy hotel etc is trying to block that you
>> just tunnel it (or use that nifty dns-over-http gateway which was
>> discussed here recently).
>>
>> I have to confess I've been putting some thought into it again lately.
>>
>> - mark
>>
>
> You're not the only one:
>
> http://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html
>
> As another bonus, this would also fix the absolutely horrible Linux behavior when the first nameserver listed in resolv.conf is down.
I’m very worried about broken things like this device:
https://www.cloudshark.org/captures/273da18d3057
I think these will become more of an issue, as I’m aware of many ISPs that have chronic issues with devices with bad behavior causing hard-to-troubleshoot DNS-related failures.
- Jared