Re: Working with a local DNS cache
- From: Dan Williams <dcbw redhat com>
- To: Paul Wouters <paul xelerance com>
- Cc: Adam Langley <agl imperialviolet org>, networkmanager-list gnome org
- Subject: Re: Working with a local DNS cache
- Date: Fri, 07 Aug 2009 17:39:41 -0500

On Fri, 2009-08-07 at 18:25 -0400, Paul Wouters wrote:
> On Fri, 7 Aug 2009, Dan Williams wrote:
> >>> The most common local caching nameserver is currently dnsmasq, and it
> >>> also provides a D-Bus interface. If at all possible, we should try to
> >>> use *one* dbus interface. Not sure if you've looked at the dnsmasq dbus
> >>> API, but it might be worth a glance.
> >> I did look at it. It is the worst D-Bus API I have seen in a long time
> >> and not helpful. Someone would have to fix it first. The amount of
> >> parameter overloading it does is just insane. Otherwise dnsmasq has a
> >> pretty nice set of features.
> > Ok, fair enough. If that's the case, perhaps we should gently propose
> > fixes to Simon? He's quite responsive.
> If imposing a local DNS cache, please use Unbound or Bind, as those

Hah :) The reason I ripped out the DNS local caching code before was
because of more than a few (unfounded) complaints that people didn't
want to run bind on their desktop machine. Thus a more lightweight
solution like dnsmasq was desirable.
But in any case, if bind were to grow a usable dbus interface (while the
one it had before was OK, the bind D-Bus code itself was *horrible*)
then we could certainly add support for it too.

> are currently the only ones supporting DNSSEC. I hope we can enable
> one of those with DNSSEC per default on every fedora install soon, but
> that will take some convincing I think and won't happen overnight. But
> DNSSEC is another good reason why every host should run its own
> (validating) caching resolver.

DNSSEC is a good point though. Perhaps we "prefer" local caching
nameservers that can do DNSSEC before falling back to those that can't?