nscd and DNS cache

Ed Greshko Ed.Greshko at greshko.com
Fri May 18 07:37:21 UTC 2012


On 05/18/2012 03:22 PM, JD wrote:
> So, what's to prevent someone from simply modifying dnsmasq
> (or any other open source caching name resolver) to change
> the expiration time to a value greater than what the owner
> of the domain wants? Sure it may result in using stale
> ip addresses once in a while. I think that's more tolerable than
> having to wait anywhere from 10 to 30 seconds to resolve every
> new name browsed to; (new relative to contents of the cache).

Nothing "stops" anyone from doing that....except they'd be mucking with the DNS
system in ways unintended/unexpected.  I personally wouldn't use that software.

If you need to wait that long for address resolution then you've either got a *very*
slow network, your link is saturated, or the DNS server you're contacting is a poor
performer.

I had an ISP here in Taiwan that required you to use their DNS servers.  They blocked
port 53 outbound from their network.  Their DNS servers would get overloaded from
time to time...but even then I rarely waited for more than a second or two.

Some people prefer to set their resolv.conf to point to 8.8.8.8 and 8.8.4.4 which are
2 of Google's public nameservers that are very fast.

-- 
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
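
An added illustration, not part of the original post: a constructed simulation of the trade-off discussed in this thread, comparing a cache that honours the domain owner's TTL with one patched to enforce a longer minimum. The record timeline, the addresses (documentation ranges) and the `min_ttl` parameter are assumptions made for the example.

```python
# Constructed authoritative timeline for a hypothetical name:
# (valid_from_second, address, ttl_seconds). Addresses are documentation ranges.
AUTHORITATIVE = [
    (0, "192.0.2.10", 60),       # owner publishes a short TTL ahead of a move
    (300, "198.51.100.20", 60),  # record is repointed at t=300
]


def authoritative_answer(now):
    """Return (address, ttl) the owner's servers would give at time `now`."""
    answer = None
    for start, address, ttl in AUTHORITATIVE:
        if now >= start:
            answer = (address, ttl)
    return answer


class Cache:
    """Single-name cache; min_ttl=0 honours the owner's TTL exactly."""

    def __init__(self, min_ttl=0):
        self.min_ttl = min_ttl      # assumed knob: floor applied to every TTL
        self.entry = None           # (address, expires_at)
        self.upstream_queries = 0

    def resolve(self, now):
        if self.entry and now < self.entry[1]:
            return self.entry[0]    # cache hit, possibly stale
        address, ttl = authoritative_answer(now)
        self.upstream_queries += 1
        self.entry = (address, now + max(ttl, self.min_ttl))
        return address


def simulate(min_ttl, duration=7200, step=30):
    """Look the name up every `step` seconds for `duration` seconds.

    Returns (stale_seconds, upstream_queries); each stale lookup is
    counted as `step` seconds of pointing at the old address.
    """
    cache = Cache(min_ttl)
    stale = 0
    for now in range(0, duration, step):
        if cache.resolve(now) != authoritative_answer(now)[0]:
            stale += step
    return stale, cache.upstream_queries


if __name__ == "__main__":
    for floor in (0, 3600):
        print(floor, simulate(floor))
```

With the one-hour floor the cache saves upstream queries but keeps handing out the old address for most of the hour after the owner's change, which is the window in which clients reach whatever now answers at that address.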

