default local DNS caching name server

Paul Wouters paul at
Thu Apr 10 15:36:01 UTC 2014

On Thu, 10 Apr 2014, Billy Crook wrote:

> I don't think pointing resolv.conf at is the right answer
> for this.  The functionality should be implemented as a 'hosts'
> service to be listed in nsswitch.conf between files and dns.

For security reasons, you really want resolv.conf to only point to Otherwise applications cannot determine the security of
the DNSSEC answers without doing full validation inside every
application themselves.

See recent discussions on the DANE mailinglist regarding the AD bit


More information about the devel mailing list