F23 System Wide Change: Default Local DNS Resolver
Reindl Harald
h.reindl at thelounge.net
Wed Jun 3 08:58:25 UTC 2015
On 03.06.2015 at 09:14, Petr Spacek wrote:
>> so with setup a dns cache on each and every machine you fuckup your network
>> because you introduce the same negative TTL caching affecting OSX clients for
>> years now
>
> Please let me clarify a few things:
>
> 1) Negative caching is controlled by zone owner. If you are not happy that
> OSX/Windows clients cache negative answers for zones your company uses - no
> problem, set SOA minimum field to 1 second and be done with that.
bad idea when you maintain public nameservers for some hundred domains
just because of broken client software
> 2) Even if you have setup with site-wide caching resolvers, the responses from
> internal zones are cached anyway because all resolvers are not authoritative
> for all zones you care about (unless you are on a really small network).
they are and that doesn't depend on the network size
> I.e. if the caching is a problem you have the problem even nowadays.
>
> The positive caching is controlled by zone owner, too. If you are worried
> about stale data on clients, go and lower TTL to 1 second.
keep your cynicism for yourself
lowering a TTL to 1 second is pure stupidity and without broken client
software not needed in a network with authoritative nameservers where
zone data is also shared with *public nameservers*
> Lowering TTL should work for all clients, no matter if they have local cache
> or not, i.e. including Windows/OSX.
lowering TTLs to fix stupid client defaults is not a fix
> Hopefully this shows that problem is not *technically* caused by caching on
> clients but by inappropriate TTL settings in zones. As a network
> administrator, you have the power to fix that centrally, without a need to
> touch every single client
sorry, but that is complete nonsense