F23 System Wide Change: Default Local DNS Resolver

Simo Sorce simo at redhat.com
Tue Jun 2 17:41:39 UTC 2015


On Mon, 2015-06-01 at 21:33 +0200, Reindl Harald wrote:
> 
> Am 01.06.2015 um 21:28 schrieb Andrew Lutomirski:
> > On Mon, Jun 1, 2015 at 12:25 PM, Ryan S. Brown <ryansb at redhat.com> wrote:
> >> A local DNS resolver would certainly be a surprise to me. Again, this
> >> comes back to the expectation that a server isn't hopping networks or
> >> running somewhere un-trusted where there's a high risk of bad actors.
> >
> > It's not just bad actors.  Sometimes things break or you need to
> > reconfigure your upstream resolvers.  With a local caching resolver,
> > this Just Works (tm).  With the status quo, it requires restarting
> > everything
> 
> WHAT - the opposite is true, glibc doesn't cache nameserver responses and 
> *now* if you change something on your central resolvers it gets visible 
> on any machine in your network
> 
> with having a local cache on 1000 nodes *then* it requires restarting 
> everything - so exactly the opposite of what you are saying

You are assuming a specific configuration where the local resolver
caches for the full ttl period and also caches negative hits. That's not
necessarily true.

With a caching period that does not exceed the ttl (but usually much
shorter) for positive resolution and very short caching for negative
results you would experience very little "latency" and generally not see
any impact.

Stop assuming how it works, and ask first, please.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
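As an added illustration of the capped-caching behaviour Simo describes (constructed example code, not from the thread, from glibc, or from the Fedora change; the upstream zone data, names and addresses are made up), the simulation below caches positive answers for at most `max_positive_ttl` seconds and negative answers for at most `max_negative_ttl` seconds, then measures how long a change on the central server stays invisible to the node:

```python
"""Simulate a local caching resolver that caps how long it trusts an answer.

Constructed example: the 'upstream' dict stands in for the central resolvers
and is mutated to represent an admin changing a record.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Answer:
    rdata: Optional[str]  # None means a negative answer (NXDOMAIN)
    ttl: int              # TTL the upstream handed out, in seconds


@dataclass
class CachingResolver:
    upstream: dict              # name -> Answer, the central (constructed) zone state
    max_positive_ttl: int       # local cap on caching positive answers
    max_negative_ttl: int       # local cap on caching negative answers
    cache: dict = field(default_factory=dict)  # name -> (Answer, expires_at)
    upstream_queries: int = 0

    def resolve(self, name: str, now: int) -> Optional[str]:
        """Return rdata for `name` at simulated time `now`, consulting the
        cache first and the upstream only once the cached entry has expired."""
        entry = self.cache.get(name)
        if entry is not None and entry[1] > now:
            return entry[0].rdata
        self.upstream_queries += 1
        # Unknown names get a negative answer with a 300 s upstream TTL (constructed)
        ans = self.upstream.get(name, Answer(None, 300))
        cap = self.max_negative_ttl if ans.rdata is None else self.max_positive_ttl
        # The local cache never holds an answer longer than min(upstream TTL, local cap)
        self.cache[name] = (ans, now + min(ans.ttl, cap))
        return ans.rdata


def first_time_seen(resolver, name, expected, start, stop):
    """First simulated second in [start, stop) at which the resolver returns
    `expected` for `name`, or None if it never does."""
    for t in range(start, stop):
        if resolver.resolve(name, t) == expected:
            return t
    return None


def change_visibility_delay(max_positive_ttl: int, max_negative_ttl: int):
    """Warm the cache at t=0, change the central zone at t=1, and report
    (positive_delay, negative_delay): the second at which the node first sees
    the changed A record and the newly created name, respectively."""
    upstream = {"db.example": Answer("10.0.0.1", 3600)}
    r = CachingResolver(upstream, max_positive_ttl, max_negative_ttl)
    r.resolve("db.example", 0)   # caches 10.0.0.1
    r.resolve("new.example", 0)  # caches a negative answer
    # t=1: the admin renumbers db.example and creates new.example centrally
    upstream["db.example"] = Answer("10.0.0.2", 3600)
    upstream["new.example"] = Answer("10.0.0.3", 3600)
    pos = first_time_seen(r, "db.example", "10.0.0.2", 1, 4000)
    neg = first_time_seen(r, "new.example", "10.0.0.3", 1, 4000)
    return pos, neg


if __name__ == "__main__":
    # Caching for the full upstream TTL: the change stays hidden for an hour
    print("full TTL caching:", change_visibility_delay(3600, 3600))
    # Short local caps: the change is visible within a minute / five seconds
    print("capped caching:  ", change_visibility_delay(60, 5))
```

The first call caches for the full upstream TTL and is the configuration Reindl's objection assumes; the second call is the configuration Simo describes, where the cap, not the upstream TTL, bounds how stale a node can be. In unbound the two caps correspond to `cache-max-ttl` and `cache-max-negative-ttl`; that mapping is an assumption here, since the thread does not name the resolver.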
