default DNS caching name server on Fedora ?

[Simo Sorce]

Ok, I guess this topic has been brought up before, but I think some
things changed recently that would warrant seriously considering adding
a default caching name server in fedora installs.

There are at least 2 situations where it is needed, and they are common
or will be common enough.

The 2 use cases for which a properly configurable and dynamically
changeable caching DNA name server would be really useful are:
- DNSSEC verification
- Clients using VPNs into private networks.

The first case is already in the works, and the reason it needs a
caching DNS name server is the complexity of dealing with DNSSEC
verification. I won't spend time on that except for saying this effort
should be part of a unified solution.

The second case is what is really hurting me.
I have my own DNS server at home that resolves address only for my
private network, and forwards any other request.

When I connect to my employer VPN however I need to use their DNS server
to resolve their internal machines, the same happens to pretty much any
other VPN service I have used. Also I do not need to route all DNS
traffic in the VPN for all web sites, mostly for performance reasons,
but also for privacy reasons.

This could be easily solved if we have a caching DNS server that can be
dynamically change to forward DNS requests to the proper DNS server only
for the private domains they provide.

A good name caching server would forward all .redhat.com DNs request top
the DNS addresses provided by the VPN connection, all my .home addresses
to my local DNS server (provided by dhcp) and perhaps all other
addresses to a configurable 'default DNS server'.

Of course for this to work properly we need some level of integration
between Network Manager and the DNS caching server so that the dynamic
configurations can be pushed in/out when the related networks come
up/down.

Discuss.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York