[dns-operations] DNS at FOSDEM 2016
dns at fl1ger.de
Thu Feb 4 15:33:11 UTC 2016
On 3 Feb 2016, at 20:07, Robert Edmonds wrote:
> Ralf Weber wrote:
>> The OS having an resolver is a great idea until it has a problem,
>> which may be the reason that a lot of OS vendors so far haven't done
> I can't think of a commonly used OS that doesn't have a resolver.
> even have a long running resolver service that provides system-wide
> caching, which traditionally has been missing from GNU/Linux systems.
> (nscd exists, but is not widely used, TTBOMK.)
> For disambiguation purposes: I believe the systemd folks are working
> a "Validating Security-Aware Stub Resolver", not a "Security-Aware
> Recursive Name Server".
Sorry I was not precise enough. I have no problems with stub resolvers,
but I think what we talked about was "Full resolver" as defined in
RFC7719 in every client which I think will not scale at the moment.
>> I do hope that the systemd people offer an option not to use it.
> Yes, this is easy. You list "dns" instead of "resolve" for 'hosts'
> lookups in /etc/nsswitch.conf. In fact the nss-resolve module will
> chainload nss-dns, in certain cases where the systemd-resolved service
> is not available (e.g., early boot).
Thanks for the explanation.
More information about the dns-operations