Re: default local DNS caching name server

On 12.04.2014 15:31, Chuck Anderson wrote:
> On Sat, Apr 12, 2014 at 02:09:19PM +0800, P J P wrote:
>>> On Saturday, 12 April 2014 11:11 AM, William Brown wrote:
>>> Say I have freshly installed my fedora system at home. I then boot it up
>>> and start to use it. My laptop is caching DNS results all the while from
>>> the "unreliable" ISP.
>>>
>>> I then go to work and suddenly things don't work.
>>>
>>> Having a DNS cache doesn't fix your unreliable ISP: You need to lodge a
>>> complaint with your ISP.
>>
>>   What, no! That was the case for having a local cache and not forwarding queries to the ISP's name servers at all, because those are not reliable.
> 
> I disagree.  You can still do DNSSEC validation with a local caching
> resolver and configure that local resolver to forward all queries to
> the ISP.  That should be tried first, and only bypassed and become a
> full iterative recursive querier bypassing the ISP resolvers if that
> fails.  We need to respect the DNS caching infrastructure by default.

nonsense - there are so many ISP nameservers broken out there
responding with wildcards and so on that you cannot trust them,
and you will realize that, if not before, after you start to run
a production mailserver which relies on NXDOMAIN responses for
proper operation

there are also a lot of broken DNS servers in general not respecting
the TTL - not so long ago we moved one of our servers into our
datacenter, changed the TTL to 5 minutes two days before, and
*7 months* later the DNS of my private ISP answered randomly with
the old and the new address

other DNS servers out there still answered with the old one after 7 months;
the most broken one just answered with *both*, suggesting round robin to
the client - problem: the old IP no longer existed at all

how did I test that?
by googling for publicly answering nameservers, asking all which I found
with a script and finally asking the tech contact of the broken ones
why they don't start to hire someone with the skills for DNS


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
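As an added example, not code from the thread or from any of its posters, here is a small script in the spirit of the "ask all the nameservers you can find with a script" check described above. It classifies each resolver's answer for a record whose current and retired addresses are known (current, stale, mixed old-and-new, no answer) and flags resolvers that answer a deliberately nonexistent name with an address instead of NXDOMAIN, the wildcarding behaviour that breaks NXDOMAIN-dependent software such as mail servers. The resolver names, addresses and replies are constructed sample data; the optional live lookup assumes the third-party dnspython package, which the thread itself does not mention.

```python
"""Cross-check one DNS record across several resolvers.

Added example; not code from the mailing-list thread. The resolver names,
addresses and answer sets below are constructed to mirror the situation the
thread describes: a host moved to a new address, yet months later some
resolvers still hand out the old one, and one hands out both. The optional
live lookup assumes the third-party dnspython package (an assumption; the
thread names no tool).
"""
from __future__ import annotations

CURRENT = {"192.0.2.10"}       # constructed: address after the move
RETIRED = {"198.51.100.10"}    # constructed: old address, no longer in service


def classify_answers(answers: set[str], current: set[str], retired: set[str]) -> str:
    """Label one resolver's A-record answer set for a record whose current value is known."""
    if not answers:
        return "no-answer"
    if answers == current:
        return "current"
    if answers & current and answers & retired:
        # Old and new address together: clients round-robin onto a dead host.
        return "mixed"
    if answers <= retired:
        return "stale"
    return "unexpected"


def rewrites_nxdomain(rcode: str, answers: set[str]) -> bool:
    """A name that must not exist should come back NXDOMAIN with no address.

    A resolver that answers with an address instead is wildcarding, which
    breaks software that relies on NXDOMAIN (the mail-server case above).
    """
    return rcode != "NXDOMAIN" or bool(answers)


def audit(responses: dict[str, dict], current: set[str], retired: set[str]) -> dict[str, str]:
    """responses maps resolver name -> {"rcode": str, "answers": set[str]} for the moved host."""
    return {name: classify_answers(resp["answers"], current, retired)
            for name, resp in responses.items()}


def audit_nxdomain(responses: dict[str, dict]) -> list[str]:
    """Return the resolvers whose reply to a nonexistent name is not a clean NXDOMAIN."""
    return sorted(name for name, resp in responses.items()
                  if rewrites_nxdomain(resp["rcode"], resp["answers"]))


# Constructed sample replies for the moved host.
MOVED_HOST_REPLIES = {
    "resolver-a": {"rcode": "NOERROR", "answers": {"192.0.2.10"}},
    "resolver-b": {"rcode": "NOERROR", "answers": {"198.51.100.10"}},
    "resolver-c": {"rcode": "NOERROR", "answers": {"192.0.2.10", "198.51.100.10"}},
    "resolver-d": {"rcode": "SERVFAIL", "answers": set()},
}

# Constructed sample replies for a random name that does not exist.
NONEXISTENT_NAME_REPLIES = {
    "resolver-a": {"rcode": "NXDOMAIN", "answers": set()},
    "resolver-b": {"rcode": "NOERROR", "answers": {"203.0.113.5"}},  # search-page style redirect
    "resolver-c": {"rcode": "NXDOMAIN", "answers": set()},
    "resolver-d": {"rcode": "NXDOMAIN", "answers": set()},
}


def live_lookup(resolver_ip: str, name: str, timeout: float = 3.0) -> dict:
    """Ask one resolver directly; needs dnspython (imported lazily so the rest runs without it)."""
    import dns.exception
    import dns.resolver

    r = dns.resolver.Resolver(configure=False)
    r.nameservers = [resolver_ip]
    r.lifetime = timeout
    try:
        answer = r.resolve(name, "A")
        return {"rcode": "NOERROR", "answers": {rr.address for rr in answer}}
    except dns.resolver.NXDOMAIN:
        return {"rcode": "NXDOMAIN", "answers": set()}
    except dns.resolver.NoAnswer:
        return {"rcode": "NOERROR", "answers": set()}
    except (dns.resolver.NoNameservers, dns.exception.Timeout):
        return {"rcode": "SERVFAIL", "answers": set()}


if __name__ == "__main__":
    for resolver, label in audit(MOVED_HOST_REPLIES, CURRENT, RETIRED).items():
        print(f"{resolver:12} {label}")
    print("rewriting NXDOMAIN:", audit_nxdomain(NONEXISTENT_NAME_REPLIES))
```

Run as-is it reports resolver-a as current, resolver-b as stale, resolver-c as mixed and resolver-d as no-answer, and lists resolver-b as rewriting NXDOMAIN. To use it against real resolvers, replace the two sample dictionaries with the result of `live_lookup()` per resolver, querying the moved name and a freshly generated random label under a domain you control; the second query is the one that exposes wildcarding resolvers.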
