On Mon, 2015-06-01 at 21:33 +0200, Reindl Harald wrote:
>
> On 01.06.2015 at 21:28, Andrew Lutomirski wrote:
> > On Mon, Jun 1, 2015 at 12:25 PM, Ryan S. Brown <ryansb@xxxxxxxxxx> wrote:
> >> A local DNS resolver would certainly be a surprise to me. Again, this
> >> comes back to the expectation that a server isn't hopping networks or
> >> running somewhere un-trusted where there's a high risk of bad actors.
> >
> > It's not just bad actors. Sometimes things break or you need to
> > reconfigure your upstream resolvers. With a local caching resolver,
> > this Just Works (tm). With the status quo, it requires restarting
> > everything
>
> WHAT - the opposite is true, glibc doesn't cache nameserver responses and
> *now* if you change something on your central resolvers it gets visible
> on any machine in your network
>
> with having a local cache on 1000 nodes *then* it requires restarting
> everything - so exactly the opposite you are saying

You are assuming a specific configuration where the local resolver
caches for the full ttl period and also caches negative hits.

That's not necessarily true.

With a caching period that does not exceed the ttl (but usually much
shorter) for positive resolution and very short caching for negative
results you would experience very little "latency" and generally not see
any impact.

Stop assuming how it works, and ask first, please.

Simo.

--
Simo Sorce * Red Hat, Inc * New York