Re: default local DNS caching name server


 



On Sat, 2014-04-12 at 02:33 +0800, P J P wrote:
>   Hello,
> 
> > On Thursday, 10 April 2014 11:39 PM, P J P wrote:
> > I plan to file a feature/change request for this one. I got caught up with other 
> > work this past week so could not do it. Will start with it right away. 
> 
>   Please see -> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
> 
> It's a System Wide Change Proposal request up for review. 
> 
> I have set the target release as F22, because the proposal deadline for F21 was 08 Apr 2014 [1]. Besides, this change would require significant work on the related packages like NetworkManager etc. So F22 seems safer.
> 
> In case you spot any discrepancies or have additional inputs or links to relevant documents etc. please feel free to update the wiki page or let me know and I'll add it there.
> --
> [1] https://fedoraproject.org/wiki/Releases/21/Schedule


I agree with the goal to add DNSSEC (despite its flaws). However, a
caching DNS server can create many headaches without a number of
considerations.

First, it should be easily possible to clear / invalidate the cache for
a GUI and CLI user. This isn't possible on Windows for example, and is
why often they ask people to reboot computers in the first instance of
an issue or migration. Additionally, every time the interface state
changes from up/down, or the default route changes, the cache should be
cleared. Consider a user of a corporate network that serves both an
internal zone and an external zone. The user may enter or exit the
network, and cached records would continue to be served, causing issues.

Second, it can create issues as otherwise mentioned by "dodgy" hotspots.
They serve a fake DNS record for all hosts that resolves to the
hotspot. When the client authenticates they begin to serve the real
records. If these records are cached, suddenly, the hotspot is now
unusable (especially if they don't set a TTL of say 1). This would
create frustration with users who didn't realise they needed to flush
their cache (See 1 ...)

Finally, I don't think it should be the default in the server product of
Fedora. We often have a bind server on networks for servers which is
caching already.


Sincerely,

-- 
William Brown <william@xxxxxxxxxxxxxxx>


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
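
The two cache-staleness cases raised in the message above (roaming out of a split-horizon corporate network, and a hotspot that answers with its portal address until login), modelled as an added example that is not part of the original message or of any Fedora package. The class, function names, host names and addresses are all constructed for illustration.

```python
import time

class LocalDnsCache:
    """Toy local caching resolver: honours the upstream TTL, can be flushed."""
    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream          # callable: name -> (address, ttl_seconds)
        self.clock = clock
        self.entries = {}                 # name -> (address, expiry time)

    def resolve(self, name):
        hit = self.entries.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                 # served from cache, upstream not asked
        address, ttl = self.upstream(name)
        self.entries[name] = (address, self.clock() + ttl)
        return address

    def flush(self):                      # what a CLI/GUI "clear cache" would call
        self.entries.clear()

    def on_link_change(self):             # hook for interface up/down or route change
        self.flush()

def roaming_scenario(flush_on_link_change):
    """User resolves an internal name, leaves the corporate network, resolves again."""
    now, inside = [0.0], [True]
    def split_horizon_dns(name):          # constructed internal/external views
        return ("10.0.0.5", 3600) if inside[0] else ("203.0.113.10", 3600)
    cache = LocalDnsCache(split_horizon_dns, clock=lambda: now[0])
    cache.resolve("portal.corp.example")
    inside[0] = False                     # laptop moves to an outside network
    now[0] += 60
    if flush_on_link_change:
        cache.on_link_change()
    return cache.resolve("portal.corp.example")

def hotspot_scenario(flush_after_login):
    """Hotspot answers every name with its portal address until the user logs in."""
    now, authenticated = [0.0], [False]
    def hotspot_dns(name):                # constructed: portal sets a 300 s TTL
        return ("198.51.100.7", 300) if authenticated[0] else ("192.0.2.1", 300)
    cache = LocalDnsCache(hotspot_dns, clock=lambda: now[0])
    before = cache.resolve("www.example.org")
    authenticated[0] = True               # login changes no link state, so no hook fires
    now[0] += 10
    if flush_after_login:
        cache.flush()
    return before, cache.resolve("www.example.org")
```

Without a flush, the roaming case keeps returning the internal address and the hotspot case keeps returning the portal address until the cached TTL runs out; the hotspot case is not caught by a link-change hook at all, which is why it needs a manual flush or a very short TTL.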
