default local DNS caching name server

William Brown william at firstyear.id.au
Sat Apr 12 03:08:41 UTC 2014


On Sat, 2014-04-12 at 02:33 +0800, P J P wrote:
> Hello,
> 
> > On Thursday, 10 April 2014 11:39 PM, P J P wrote:
> > I plan to file a feature/change request for this one. I got caught up with other
> > work this past week so could not do it. Will start with it right away.
> 
> Please see -> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
> 
> It's a System Wide Change Proposal request up for review.
> 
> I have set the target release as F22, because the proposal deadline for F21 was 08 Apr 2014 [1]. Besides, this change would require significant work on the related packages like NetworkManager etc. So F22 seems safer.
> 
> In case you spot any discrepancies or have additional inputs or links to relevant documents etc., please feel free to update the wiki page or let me know and I'll add it there.
> --
> [1] https://fedoraproject.org/wiki/Releases/21/Schedule


I agree with the goal to add DNSSEC (despite its flaws). However, a
caching DNS server can create many headaches without a number of
considerations.

First, it should be easily possible to clear / invalidate the cache for
a GUI and CLI user. This isn't possible on Windows, for example, and is
why often they ask people to reboot computers in the first instance of
an issue or migration. Additionally, every time the interface state
changes from up/down, or the default route changes, the cache should be
cleared. Consider a user of a corporate network that serves both an
internal zone and an external zone. The user may enter or exit the
network, and cached records would continue to be served, causing issues.

Second, it can create issues, as mentioned elsewhere, with "dodgy" hotspots.
They serve a fake DNS record for all hosts that resolves to the
hotspot. When the client authenticates they begin to serve the real
records. If these records are cached, suddenly the hotspot is now
unusable (especially if they don't set a TTL of, say, 1). This would
create frustration with users who didn't realise they needed to flush
their cache (see 1 ...).

Finally, I don't think it should be the default in the server product of
Fedora. We often have a bind server on networks for servers which is
caching already.


Sincerely,

-- 
William Brown <william at firstyear.id.au>
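The first consideration above (flush the local cache whenever the interface state changes, so records cached on one network are not served on another) can be wired up as a NetworkManager dispatcher hook. This is an added example, not code from the message or the Fedora proposal; it assumes the script lives in /etc/NetworkManager/dispatcher.d/, is called by NetworkManager as `<script> <interface> <action>`, and that the resolver's own flush command is supplied in FLUSH_CMD (the `rndc flush` default is a placeholder for a BIND cache).

```shell
#!/bin/sh
# NetworkManager dispatcher hook (assumed path:
# /etc/NetworkManager/dispatcher.d/50-flush-dns-cache).
# Flushes the local DNS cache on network state changes so that records
# learned on one network (an internal corporate zone, a hotspot's
# placeholder answers) are not served after moving to another.

# Command that empties the resolver cache. "rndc flush" is an assumed
# placeholder for a BIND cache; set FLUSH_CMD for the resolver in use.
FLUSH_CMD="${FLUSH_CMD:-rndc flush}"
LOG_TAG="flush-dns-cache"

# Log via syslog when logger exists, otherwise to stderr.
log() {
    if command -v logger >/dev/null 2>&1; then
        logger -t "$LOG_TAG" "$*"
    else
        echo "$LOG_TAG: $*" >&2
    fi
}

# Returns 0 when the dispatcher action means the reachable zones may have
# changed: link up/down, VPN up/down, or a new DHCP lease (which may carry
# different nameservers or search domains). Other actions return 1.
should_flush() {
    case "$1" in
        up|down|vpn-up|vpn-down|dhcp4-change|dhcp6-change) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs FLUSH_CMD; returns its status so failures are visible to the caller.
# $1 = interface, $2 = action (used only for the log line).
flush_cache() {
    if $FLUSH_CMD >/dev/null 2>&1; then
        log "flushed resolver cache after '$2' on $1"
        return 0
    fi
    log "failed to flush resolver cache (command: $FLUSH_CMD)"
    return 1
}

main() {
    if should_flush "$2"; then
        flush_cache "$1" "$2"
    fi
}

# Act only when NetworkManager invokes us with <interface> <action>;
# sourcing the file just defines the functions.
if [ $# -ge 2 ]; then
    main "$@"
fi
```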