default local DNS caching name server

Chuck Anderson cra at WPI.EDU
Thu Apr 10 14:41:54 UTC 2014


Back in 2012 there was a discussion about having Fedora default to
using a local DNS caching name server [1]:

[1] http://comments.gmane.org/gmane.linux.redhat.fedora.devel/166018

I think this needs to be revisited.  While DNSSEC support has
historically been a driving factor for implementing this, there is an
even more fundamental need due to the poor performance of the system
in case the first listed nameserver in /etc/resolv.conf fails for some
reason.  It is shameful that Linux systems and applications in general
still, after 20+ years, can't perform adequately after a primary DNS
server failure.  The stub resolver in glibc which uses
/etc/resolv.conf can decide that the first listed nameserver entry is
down, but this decision has to be made over and over in every single
process on the system that is doing DNS resolution, resulting in
repeated long application hangs/delays.  We need an independent,
system-wide DNS cache, and always point resolv.conf to 127.0.0.1 to
solve this fundamental design problem with how name resolution works
on a Linux system.  Windows has had a default system-wide DNS cache
for over a decade.  It is about time that Linux catches up.

Yesterday, a new version of dnsmasq was released [2] that adds full
DNSSEC support and provides an alternative to unbound which
dnssec-trigger requires.  There has also been great work done to solve
the NTP/DNSSEC bootstrap problem [3].  What options are currently
available in e.g. NetworkManager for using a local DNS cache and what
is the current status of this integration?  Is it ready yet for
turning on by default in all Fedora products?

[2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q2/008416.html
[3] http://comments.gmane.org/gmane.comp.embedded.cerowrt.devel/2244
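As an added illustration (not a configuration from the original message, from Fedora, or from the dnsmasq project), the following dnsmasq setup implements the design the post argues for: a loopback-only caching forwarder that validates DNSSEC, with the glibc stub resolver in every process pointed at 127.0.0.1 so that upstream failure is discovered and cached once, system-wide, instead of in each process. The upstream addresses 192.0.2.53 and 192.0.2.54 are constructed placeholders from the documentation range, the `dnssec` and `trust-anchor` options assume a dnsmasq build with DNSSEC support, and the trust anchor line must be checked against the root zone DS record currently published by IANA before use.

```ini
# /etc/dnsmasq.conf (added example, not from the original post)

# Accept queries only on loopback; nothing outside the host can reach it.
listen-address=127.0.0.1
bind-interfaces

# Do not read /etc/resolv.conf for upstream servers (it points back at us).
# Forward to the resolvers learned from the network instead.
# 192.0.2.53 / 192.0.2.54 are constructed placeholder addresses.
no-resolv
server=192.0.2.53
server=192.0.2.54

# One shared cache for the whole host. Answers and the decision that an
# upstream is unreachable are made once here, not in every process.
cache-size=10000

# DNSSEC validation (needs a dnsmasq build with DNSSEC support).
# dnssec-check-unsigned makes dnsmasq prove that an unsigned answer is
# legitimately unsigned rather than trusting a stripped signature.
dnssec
dnssec-check-unsigned

# Root zone trust anchor as a DS record (key tag, algorithm, digest type,
# digest). Verify against the anchor currently published by IANA.
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

# The NTP/DNSSEC bootstrap problem: signature validity windows cannot be
# checked before the clock is set. dnsmasq's dnssec-no-timecheck option
# relaxes that check for the boot window; consult the dnsmasq man page
# for how it is re-enabled once time is trusted, and do not leave it on.
#dnssec-no-timecheck
```

The matching stub resolver configuration is a single line, `nameserver 127.0.0.1`, in /etc/resolv.conf; with that in place every process talks only to the local cache, and the cache's own upstream selection (by default dnsmasq moves off a non-responding server for all clients at once) replaces the per-process failover the post describes.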

