On 06/01/2015 09:33 PM, Reindl Harald wrote: > > > Am 01.06.2015 um 21:28 schrieb Andrew Lutomirski: >> On Mon, Jun 1, 2015 at 12:25 PM, Ryan S. Brown <ryansb@xxxxxxxxxx> wrote: >>> A local DNS resolver would certainly be a surprise to me. Again, this >>> comes back to the expectation that a server isn't hopping networks or >>> running somewhere un-trusted where there's a high risk of bad actors. >> >> It's not just bad actors. Sometimes things break or you need to >> reconfigure your upstream resolvers. With a local caching resolver, >> this Just Works (tm). With the status quo, it requires restarting >> everything > > WHAT - the opposite is true, Andrew is right, glibc caches the name server *settings* (/etc/resolv.conf contents), but not the responses received. The recommended workaround is to use nscd, but this has issues of its own. -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
