F23 System Wide Change: Default Local DNS Resolver
Reindl Harald
h.reindl at thelounge.net
Mon Jun 1 18:02:44 UTC 2015

On 01.06.2015 at 19:55, Jason L Tibbitts III wrote:
>>>>>> "RSB" == Ryan S Brown <ryansb at redhat.com> writes:
>
> RSB> I disagree; for server & cloud deployments it doesn't make sense to
> RSB> duplicate a DNS server on *every* host, and if you care about
> RSB> DNSSEC you likely already run a trusted resolver.
>
> I disagree generally in the case of server deployments.
>
> Having a local caching resolver is pretty much essential, even though we
> all know it's just a workaround for glibc.

no it is not in case of a serious server setup - period

> Basically, if you have properly functioning DNS on multiple local
> servers but not having anything fancier like heartbeat-based IP handoff
> or a load balancing appliance or something, and the first resolver in
> resolv.conf goes offline, your hosts are screwed. glibc's resolver code
> is simply horrible. This is completely exclusive of DNSSEC issues.

if your *LAN* nameservers are going offline you need to solve that
problem and ask yourself why....

> What really concerns me is what happens with split DNS. I assume I'll
> just need to configure the local resolvers to talk only to my resolvers,
> but this would really need to be documented

well and by having shared resolvers in the network in case they are
properly configured split DNS won't happen ever - with a local resolver
not *only* forwarding to the LAN resolvers (and then you have not much
gained with the local resolver) it becomes much more likely