* Roberto Ragusa:

> Standard DNS has a hierarchical structure with roots and delegation.
> The idea of asking somebody to do DNS resolution for you comes from
> the widespread tendency to centralize everything (i.e. inability to
> understand how the Internet was originally designed).

DNS originally did not have a clear hierarchical structure. You just asked one server you liked, and it would point you towards a server somewhat closer to the data source if it did not have the answer itself. The hierarchy was always there in the background, to ensure eventually successful lookups, but it gained prominence in implementations only once it became apparent that you can only use data from servers that are actually authoritative for the subtree in which the data resides. Otherwise, you end up with rather trivial spoofing attacks.

> Insisting on using a DNS server for name resolution is like insisting
> on using a proxy for HTTP access.

I'm not sure if that's the appropriate analogy. Most of us don't run BGP on our laptops, and DNS is closer to that layer than to HTTP. But it definitely doesn't make sense to create a deep hierarchy of resolvers, somehow mirroring the hierarchy of delegation.

> The only sane DNS server we should have is the one on localhost (doing
> proper caching according to TTLs).

Many networks block outgoing UDP traffic, so you cannot run DNS locally at all. There are also concerns that the DNS infrastructure cannot handle the load unless there is one level of shared caching between the endpoints and the authoritative servers. Those DNS caches certainly suppress some of the problematic client behavior (but they also add their own share of broken queries, of course).

Thanks,
Florian