ANN: DNS resolver changes in yakkety

Steve Langasek steve.langasek at ubuntu.com
Tue May 31 21:14:00 UTC 2016


On Tue, May 31, 2016 at 09:38:51PM +0200, Martin Pitt wrote:
> >     In the past, resolved would use a single shared cache for the whole
> >     system, which would allow for local cache poisoning by unprivileged
> >     users on the system. That's the reason why the dnsmasq instance we spawn
> >     with Network Manager doesn't have caching enabled and that becomes even
> >     more critical when we're talking about doing the same change on servers.

> Indeed Tony mentioned this in today's meeting with Mathieu and me --
> this renders most of the efficiency gain of having a local DNS
> resolver moot.

However, reducing the number of DNS queries with caching is not a
requirement.  The request was for the local resolver to cache information
about upstream resolvers being *available*, so that each process would not
have to find out for itself that the primary DNS server is offline and fail
over (with annoying timeouts).

Running a cache with the local resolver causes problems that we don't have
solutions for.  Correct is more important than fast; we should run without
caching.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
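
Added example, not part of the original message and not code from resolved or dnsmasq: a sketch of a local forwarder that shares only upstream *availability* between clients and stores no answers, so there is no shared record cache for a local user to poison. The names UpstreamHealth, send_query and retry_after and the 192.0.2.x addresses are assumptions made for illustration.

```python
import time

class UpstreamHealth:
    """Shared record of which upstream resolvers are reachable.

    Only availability is remembered. No DNS answers are stored, so every
    query is still answered by an upstream server, never from local state.
    """
    def __init__(self, servers, retry_after=30.0, clock=time.monotonic):
        self.servers = list(servers)
        self.retry_after = retry_after   # seconds before a dead server is probed again
        self.clock = clock
        self.down_until = {}             # server -> time at which it may be retried

    def candidates(self):
        """Configured order, with servers currently marked down moved to the end."""
        now = self.clock()
        up = [s for s in self.servers
              if s not in self.down_until or self.down_until[s] <= now]
        return up + [s for s in self.servers if s not in up]

    def resolve(self, name, send_query):
        """Forward one query; send_query(server, name) raises TimeoutError on no reply."""
        for server in self.candidates():
            try:
                answer = send_query(server, name)
            except TimeoutError:
                self.down_until[server] = self.clock() + self.retry_after
                continue
            self.down_until.pop(server, None)
            return server, answer
        raise TimeoutError("no upstream resolver answered")

def demo():
    # Constructed scenario: the primary (192.0.2.1) is offline, the secondary answers.
    now = [0.0]
    attempts = []
    def send_query(server, name):
        attempts.append(server)
        if server == "192.0.2.1":
            raise TimeoutError(server)
        return "answer for %s via %s" % (name, server)
    health = UpstreamHealth(["192.0.2.1", "192.0.2.2"], clock=lambda: now[0])
    health.resolve("a.example", send_query)  # first client pays the timeout once
    health.resolve("a.example", send_query)  # next client skips the dead primary
    now[0] = 31.0
    health.resolve("a.example", send_query)  # retry window elapsed, primary probed again
    return attempts

if __name__ == "__main__":
    print(demo())
```

The second lookup for the same name still goes upstream; only the knowledge that the primary is down is reused.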