[dns-operations] DNS at FOSDEM 2016

Ralf Weber dns at fl1ger.de
Thu Feb 4 15:33:11 UTC 2016


On 3 Feb 2016, at 20:07, Robert Edmonds wrote:

> Ralf Weber wrote:
>> The OS having a resolver is a great idea until it has a problem,
>> which may be the reason that a lot of OS vendors so far haven't done
>> it.
> I can't think of a commonly used OS that doesn't have a resolver.  Some
> even have a long running resolver service that provides system-wide
> caching, which traditionally has been missing from GNU/Linux systems.
> (nscd exists, but is not widely used, TTBOMK.)
> For disambiguation purposes: I believe the systemd folks are working on
> a "Validating Security-Aware Stub Resolver", not a "Security-Aware
> Recursive Name Server".
Sorry, I was not precise enough. I have no problems with stub resolvers,
but I think what we talked about was a "Full resolver" as defined in
RFC7719 in every client, which I think will not scale at the moment.

>> I do hope that the systemd people offer an option not to use it.
> Yes, this is easy.  You list "dns" instead of "resolve" for 'hosts'
> lookups in /etc/nsswitch.conf.  In fact the nss-resolve module will
> chainload nss-dns, in certain cases where the systemd-resolved service
> is not available (e.g., early boot).
Thanks for the explanation.

So long
