|
On 11/17/2014 06:54 PM, Rahul Sundaram
wrote:
"already from the basic design resolved is very different from unbound. resolved keeps a seperate "scope" for the DNS servers on each interface. A "scope" is a resolver state machine plus a cache. That way, we can neatly separate VPN DNS servers from internet DNS servers, and merge them transparently. That means that with resolved in the mix for the first time you don't lose access to your LAN's DNS names, fully automatically, without any manual hacks. Also, as interfaces come and go their caches do too with this scheme, hence all the cache flushing complexity of dnssec-trigger doesn't exist at all. Then, because we actually implement LLMNR and DNS int he same stack (as well as mDNS very soon), we can transparently merge those protocols too." For those of us that deal with VPNs, we know how hard split horizon is, and actually how important it is for good performance. It is almost a shame it took until now for someone to address DNS by Interface. Actually it coincides with work in IETF on such matters. |
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
