F23 System Wide Change: Default Local DNS Resolver
Petr Spacek
pspacek at redhat.com
Wed Jun 3 11:39:23 UTC 2015
On 3.6.2015 10:58, Reindl Harald wrote:
>
> Am 03.06.2015 um 09:14 schrieb Petr Spacek:
>>> so with setting up a DNS cache on each and every machine you fuck up your network
>>> because you introduce the same negative TTL caching that has been affecting OSX clients for
>>> years now
>>
>> Please let me clarify a few things:
>>
>> 1) Negative caching is controlled by the zone owner. If you are not happy that
>> OSX/Windows clients cache negative answers for zones your company uses - no
>> problem, set the SOA minimum field to 1 second and be done with that.
>
> bad idea when you maintain public nameservers for some hundred domains just
I agree that it is a very bad idea to ignore DNS caching. It was built-in on
purpose.
> because of broken client software
I'm sorry for disappointing you.
The behavior I describe has been standard for the last ~20 years, since 1987 (RFCs
1034/1035/2308). If you don't agree with the standard then you cannot use DNS
technology as standardized. Here I'm not sure if other Fedora users would also
welcome non-standard behavior.
If you feel that the standard is broken then *please* continue with discussion
on IETF's dnsop mailing list:
https://www.ietf.org/mailman/listinfo/dnsop
Thank you for understanding.
Petr^2 Spacek
>> 2) Even if you have a setup with site-wide caching resolvers, the responses from
>> internal zones are cached anyway because all resolvers are not authoritative
>> for all zones you care about (unless you are on a really small network).
>
> they are and that doesn't depend on the network size
>
>> I.e. if the caching is a problem you have the problem even nowadays.
>>
>> The positive caching is controlled by the zone owner, too. If you are worried
>> about stale data on clients, go and lower the TTL to 1 second.
>
> keep your cynicism for yourself
>
> lowering a TTL to 1 second is pure stupidity and, without broken client software,
> not needed in a network with authoritative nameservers where zone data is also
> shared with *public nameservers*
>
>> Lowering the TTL should work for all clients, no matter whether they have a local
>> cache or not, i.e. including Windows/OSX.
>
> lowering TTLs to fix stupid client defaults is not a fix
>
>> Hopefully this shows that the problem is not *technically* caused by caching on
>> clients but by inappropriate TTL settings in zones. As a network
>> administrator, you have the power to fix that centrally, without a need to
>> touch every single client.
>
> sorry, but that is complete nonsense
--
Petr Spacek @ Red Hat
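The point made in the thread above, that negative caching is bounded by the zone owner's SOA record, can be checked in code. The following is an added example, not part of the original mail or of any Fedora or Red Hat code. It parses a constructed zone-file snippet, applies the RFC 2308 section 5 rule (a negative answer may be cached for at most the smaller of the SOA MINIMUM field and the TTL of the SOA record itself), and simulates a resolver's negative cache so the effect of lowering MINIMUM to 1 second is visible. The zone contents, the 3600-second fallback when no $TTL directive is present, and the class names are assumptions made for the example.

```python
"""Added example (not from the thread): how the zone owner's SOA record bounds
negative caching on any RFC 2308-conformant resolver, local or site-wide.

Rule (RFC 2308 section 5): an NXDOMAIN/NODATA answer may be cached for at most
    min(SOA.MINIMUM, TTL of the SOA RR returned in the authority section).
Both values come from the zone, so the zone owner controls them centrally.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Soa:
    ttl: int      # TTL of the SOA RR itself ($TTL or an explicit TTL on the line)
    minimum: int  # last RDATA field of the SOA, the "negative caching TTL"


def parse_soa(zone_text: str) -> Soa:
    """Extract SOA TTL and MINIMUM from a zone-file snippet.

    Handles a $TTL directive, an optional explicit TTL on the SOA line,
    ';' comments and the multi-line parenthesised RDATA form.
    """
    default_ttl = 3600  # assumption for this example; real servers refuse to load without $TTL
    kept = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # strip comments
        if not line.strip():
            continue
        if line.lstrip().startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        kept.append(line)
    tokens = " ".join(kept).replace("(", " ").replace(")", " ").split()
    idx = tokens.index("SOA")
    # Fields before SOA: owner, then optional TTL and/or class in either order.
    ttl = default_ttl
    for tok in tokens[1:idx]:
        if tok.isdigit():
            ttl = int(tok)
    # RDATA order: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
    minimum = int(tokens[idx + 7])
    return Soa(ttl=ttl, minimum=minimum)


def negative_ttl(soa: Soa) -> int:
    """Cache lifetime of a negative answer under RFC 2308 section 5."""
    return min(soa.ttl, soa.minimum)


class NegativeCache:
    """Minimal negative cache keyed by query name, as a resolver would keep it."""

    def __init__(self) -> None:
        self._expiry: dict[str, int] = {}

    def store_nxdomain(self, qname: str, soa: Soa, now: int) -> int:
        """Record an NXDOMAIN for qname; return the absolute expiry time."""
        expiry = now + negative_ttl(soa)
        self._expiry[qname.lower().rstrip(".")] = expiry
        return expiry

    def is_cached_nxdomain(self, qname: str, now: int) -> bool:
        """True while the cached negative answer is still fresh."""
        expiry = self._expiry.get(qname.lower().rstrip("."))
        return expiry is not None and now < expiry


# Constructed zone snippets for the example (not real zones).
ZONE_DEFAULT = """$TTL 3600
example.test. IN SOA ns1.example.test. hostmaster.example.test. (
    2015060301 ; serial
    7200       ; refresh
    900        ; retry
    1209600    ; expire
    86400 )    ; minimum: negative caching TTL
"""

ZONE_LOWERED = ZONE_DEFAULT.replace("86400 )", "1 )")

# Same MINIMUM as the default, but an explicit short TTL on the SOA RR itself.
ZONE_SHORT_SOA_TTL = ZONE_DEFAULT.replace("example.test. IN SOA", "example.test. 60 IN SOA")


def demo() -> dict[str, int]:
    """Return the effective negative-cache TTL for each constructed zone."""
    return {name: negative_ttl(parse_soa(text)) for name, text in
            (("default", ZONE_DEFAULT), ("lowered", ZONE_LOWERED),
             ("short_soa_ttl", ZONE_SHORT_SOA_TTL))}


if __name__ == "__main__":
    for name, ttl in demo().items():
        print(f"{name}: negative answers cached for {ttl}s")
```

Two things the run shows that the mail only implies: with the default snippet the negative TTL is 3600 and not 86400, because the SOA record's own TTL is the lower of the two bounds; and once MINIMUM is 1, an NXDOMAIN stored at second N is already stale at second N+1 on every conformant cache, whether it runs on the client or on a site-wide resolver.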