ANN: DNS resolver changes in yakkety
Steve Langasek
steve.langasek at ubuntu.com
Tue May 31 21:14:00 UTC 2016
On Tue, May 31, 2016 at 09:38:51PM +0200, Martin Pitt wrote:
> > In the past, resolved would use a single shared cache for the whole
> > system, which would allow for local cache poisoning by unprivileged
> > users on the system. That's the reason why the dnsmasq instance we spawn
> > with Network Manager doesn't have caching enabled and that becomes even
> > more critical when we're talking about doing the same change on servers.
> Indeed Tony mentioned this in today's meeting with Mathieu and me --
> this renders most of the efficiency gain of having a local DNS
> resolver moot.
However, reducing the number of DNS queries with caching is not a
requirement. The request was for the local resolver to cache information
about upstream resolvers being *available*, so that each process would not
have to find out for itself that the primary DNS server is offline and fail
over (with annoying timeouts).
Running a cache with the local resolver causes problems that we don't have
solutions for. Correct is more important than fast; we should run without
caching.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
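
Added example, not part of the original message and not code from resolved or dnsmasq: a sketch of a forwarder that shares only upstream *availability* between queries and stores no answers, so there is no shared answer cache to poison. The names `UpstreamTracker`, `fake_send` and `demo`, the 30-second hold-down and the 192.0.2.x addresses are assumptions made for illustration.

```python
import time

class UpstreamTracker:
    """Remembers which upstream resolvers recently failed. Stores no answers."""

    def __init__(self, servers, holddown=30.0, clock=time.monotonic):
        self.servers = list(servers)
        self.holddown = holddown      # assumed value: seconds to skip a failed server
        self.clock = clock
        self.down_until = {}          # server -> time until which it is deprioritised

    def candidates(self):
        """Servers believed reachable first, recently failed ones as last resort."""
        now = self.clock()
        up = [s for s in self.servers if self.down_until.get(s, 0.0) <= now]
        down = [s for s in self.servers if s not in up]
        return up + down

    def resolve(self, query, send):
        """Forward query with send(server, query); send raises OSError on failure."""
        for server in self.candidates():
            try:
                answer = send(server, query)
            except OSError:           # TimeoutError is a subclass of OSError
                self.down_until[server] = self.clock() + self.holddown
                continue
            self.down_until.pop(server, None)
            return server, answer     # handed back to the caller, never stored
        raise OSError("no upstream resolver reachable")

def demo():
    """Constructed scenario: primary 192.0.2.1 is offline, secondary answers."""
    attempts, now = [], [0.0]

    def fake_send(server, query):     # stands in for a UDP exchange with an upstream
        attempts.append(server)
        if server == "192.0.2.1":
            raise TimeoutError("constructed: primary offline")
        return b"reply:" + query

    tracker = UpstreamTracker(["192.0.2.1", "192.0.2.2"], clock=lambda: now[0])
    tracker.resolve(b"q1", fake_send)  # pays the timeout once, then fails over
    tracker.resolve(b"q2", fake_send)  # goes straight to the secondary
    now[0] = 31.0                      # hold-down expired: primary is retried
    tracker.resolve(b"q3", fake_send)
    return attempts, tracker.down_until

if __name__ == "__main__":
    print(demo())
```

Every query still goes upstream, so the only state one local client can influence for another is which server is tried first.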