In message <20140423184434.gl16...@angus.ind.wpi.edu>, Chuck Anderson writes: > On Wed, Apr 23, 2014 at 01:08:25PM -0500, Chuck Aurora wrote: > > On 04/23/2014 11:10 AM, Chuck Anderson wrote: > > > Has anyone had good experiences with using NSCD to solve the DNS > > > failover problem? > > > > I'm not a fan of nscd because as best as I can tell from its manual, > > nscd does not understand DNS TTL values. On a system where most nsswitch > > lookups are file-based, I don't see a lot of value in having those cached. > > Apparently that problem was fixed a decade ago at least with GLIBC but > no one got the message. I finally found a good thread about fixing > the stub resolver that addresses people's unwillingness to use NSCD: > > https://sourceware.org/ml/libc-alpha/2012-12/msg00416.html > > > DNS is an exception; caching is almost always a Good Idea. But why not > > use real DNS software to do that? And I'm not entirely biased[1], > > because I've also used dnsmasq in that role. (With dnsmasq's new DNSSEC > > support it's increasingly a good choice for such tasks.) > > I don't mind using a caching resolver BUT there should be a better > stub resolver that can be widely deployed in a default configuration > that doesn't require a local caching resolver to paper over its > deficiencies. Maybe NSCD (and some of the other ideas in the link I > posted) are part of the solution.
Over two decades ago I extended the stub resolver to use 127.0.0.1 first. It switched to other servers immediately if it got port unreachable by using a connected sockets for both UDP and TCP when talking to 127.0.0.1. These days you would use 127.0.0.1 and/or ::1. It also used connected sockets to talk to other servers which helped when the service was down but the server was up. I still effectively do the same thing today by forcing the dhcp client to prepend 127.0.0.1 to the list of nameservers being used and running my own validating caching server. Mark > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
