[dns-operations] DNS at FOSDEM 2016

Robert Edmonds edmonds at mycre.ws
Wed Feb 3 19:07:33 UTC 2016

Ralf Weber wrote:
> The OS having an resolver is a great idea until it has a problem,
> which may be the reason that a lot of OS vendors so far haven't done
> it.

I can't think of a commonly used OS that doesn't have a resolver.  Some
even have a long running resolver service that provides system-wide
caching, which traditionally has been missing from GNU/Linux systems.
(nscd exists, but is not widely used, TTBOMK.)

For disambiguation purposes: I believe the systemd folks are working on
a "Validating Security-Aware Stub Resolver", not a "Security-Aware
Recursive Name Server".

> I do hope that the systemd people offer an option not to use it.

Yes, this is easy.  You list "dns" instead of "resolve" for 'hosts'
lookups in /etc/nsswitch.conf.  In fact the nss-resolve module will
chainload nss-dns, in certain cases where the systemd-resolved service
is not available (e.g., early boot).


Robert Edmonds

More information about the dns-operations mailing list