Re: Working with a local DNS cache



On Fri, 2009-08-07 at 18:25 -0400, Paul Wouters wrote:
> On Fri, 7 Aug 2009, Dan Williams wrote:
> 
> >>> The most common local caching nameserver is currently dnsmasq, and it
> >>> also provides a D-Bus interface.  If at all possible, we should try to
> >>> use *one* dbus interface.  Not sure if you've looked at the dnsmasq dbus
> >>> API, but it might be worth a glance.
> >>
> >> I did look at it. It is the worst D-Bus API I have seen in a long time
> >> and not helpful. Someone would have to fix it first. The amount of
> >> parameter overloading it does is just insane. Otherwise dnsmasq has a
> >> pretty nice set of features.
> >
> > Ok, fair enough.  If that's the case, perhaps we should gently propose
> > fixes to Simon?  He's quite responsive.
> 
> If imposing a local DNS cache, please use Unbound or Bind, as those

Hah :)  The reason I ripped out the DNS local caching code before was
because of more than a few (unfounded) complaints that people didn't
want to run bind on their desktop machine.  Thus a more lightweight
solution like dnsmasq was desirable.

But in any case, if bind were to grow a usable dbus interface (while the
one it had before was OK, the bind D-Bus code itself was *horrible*)
then we could certainly add support for it too.

> are currently the only ones supporting DNSSEC. I hope we can enable
> one of those with DNSSEC per default on every Fedora install soon, but
> that will take some convincing I think and won't happen overnight. But
> DNSSEC is another good reason why every host should run its own
> (validating) caching resolver.

DNSSEC is a good point though.  Perhaps we "prefer" local caching
nameservers that can do DNSSEC before falling back to those that can't?

Dan



