Re: F23 System Wide Change: Default Local DNS Resolver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3.6.2015 10:58, Reindl Harald wrote:
> 
> Am 03.06.2015 um 09:14 schrieb Petr Spacek:
>>> so with setup a dns cache on each and every machine you fuckup your network
>>> because you introduce the same negative TTL caching affecting OSX clients for
>>> years now
>>
>> Please let me clarify few things:
>>
>> 1) Negative caching is controlled by zone owner. If you are not happy that
>> OSX/Windows clients cache negative answers for zones your company use - no
>> problem, set SOA minimum field to 1 second and be done with that.
> 
> bad idea when you maintain public nameservers for some hundret domains just

I agree that it is a very bad idea to ignore DNS caching. It was built-in on
purpose.

> because broken clietn software

I'm sorry for disappointing you.

The behavior I describe is standard for last ~ 20 years 1987 (RFCs
1034/1035/2308). If you don't agree with standard then you cannot use DNS
technology as standardized. Here I'm not sure if other Fedora users would also
welcome non-standard behavior.

If you feel that the standard is broken then *please* continue with discussion
on IETF's dnsop mailing list:
https://www.ietf.org/mailman/listinfo/dnsop

Thank you for understanding.

Petr^2 Spacek

>> 2) Even if you have setup with site-wide caching resolvers, the responses from
>> internal zones are cached anyway because all resolvers are not authoritative
>> for all zones you care about (unless you are on a really small network).
> 
> they are and that don't depend on the network size
> 
>> I.e. if the caching is a problem you have the problem even nowadays.
>>
>> The positive caching is controlled by zone owner, too. If you are worried
>> about stale data on clients, go and lower TTL to 1 second.
> 
> keep your cynicism for yourself
> 
> lower a TTL to 1 second is pure stupidity and without broken client software
> not needed in a network with authoritative nameservers where zone data is also
> shared with *public nameservers*
> 
>> Lowering TTL should work for all clients, no matter if they have local cache
>> or not, i.e. including Windows/OSX.
> 
> lowering TTLs to fix stupid client defaults is not a fix
> 
>> Hopefully this shows that problem is not *technically* caused by caching on
>> clients but by inappropriate TTL settings in zones. As a network
>> administrator, you have the power to fix that centrally, without a need to
>> touch every single client
> 
> sorry, but that is complete nonsense

-- 
Petr Spacek  @  Red Hat
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux