The state of resolv.conf

Les Mikesell lesmikesell at gmail.com
Thu Sep 18 22:59:13 UTC 2008 

Simo Sorce wrote:
> 
>>>> So the answer seems to be that glibc will not change it's simple
>>>> internal resolver (which has more limitations than just noticing
>>>> resolv.conf changes), but the recommendation is that lwresd or a local
>>>> caching nameserver be used for more complex DNS setups.
>>> A caching nameserver that can be instructed what to do when conditions
>>> change is what we really need.
>> Isn't it a little late to redesign the internet so names and addressing 
>> aren't delegated hierarchically?
> 
> What would this mean ?

What it would mean is that could have duplication of names and addresses 
and different nameservers give different results on purpose.  This 
happens with private lans with private addresses and non-registered 
domains and you can sort-of deal with it as long as the private space 
you see is all coordinated and has no overlap with the public.

> But let me ask a question in your own style: do you understand the
> difference between a normal DNS server and a local cache ?

I'm not sure what you mean by the question.  It is very normal for any 
DNS server to also be a local cache.  The issue here is about 'when 
conditions change', which in the context of public DNS is basically 
never - that is, any resolver anywhere will give the same result unless 
you go out of your way to localize it.  I think what we were talking 
about are situations where you have one or more private LAN segments 
with their own private name servers (that can probably also resolve 
public DNS) and your machine is a roaming laptop or you arbitrarily make 
and break VPN connections among the private segments.  In the simple 
roaming case you would let DHCP give you DNS servers that are primary or 
secondary for their private space as well as public resolvers.  In the 
more complicated setup, you can configure named to use different 
forwarders for different private zones.  You won't be able to resolve 
names if your VPN to a forwarder is down, but you wouldn't be able to 
connect there anyway so it's not a big loss.

-- 
   Les Mikesell
     lesmikesell at gmail.com

More information about the fedora-devel-list mailing list