On Fri, Dec 02, 2022 at 06:03:51PM +0100, Steffen Nurpmeso wrote:

> Simply add a dnsmasq local cache. dnsmasq is a package on
> AlpineLinux, I use it. (Including dnssec, and it even serves its
> cache back into a VPN, so that effectively only one instance does
> all the web queries.) (I use it for over twenty years, I did DNS
> myself around this time.)

Deploying dnsmasq does not do anything to address the limitations of the stub resolver, at least not unless the C-library stub resolver has special hooks to talk directly to dnsmasq over some dbus protocol or similar, bypassing UDP and the 512-byte DNS message limit in the absence of EDNS0. I would naïvely expect MUSL libc to not have such hooks.

Having neither EDNS0 with a reasonably generous buffer size (1400 and 1232 are common choices), nor TCP fallback on truncation is rather unfortunate. TCP support is NOT optional in DNS.

--
Viktor.
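
Added example, not part of the original message and not musl's code: a sketch of the two stub-resolver behaviours discussed above, advertising an EDNS0 UDP payload size in the query and treating a reply with the TC bit set as a signal to retry over TCP. The names `build_query`, `check_reply` and `enum verdict` are hypothetical, and the reply headers used to exercise it are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { RESP_OK, RESP_RETRY_TCP, RESP_REJECT };

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Build a query for dotted `name`; edns_size > 0 appends an EDNS0 OPT
 * pseudo-RR advertising that UDP payload size. Returns length, 0 on error. */
size_t build_query(uint8_t *buf, size_t cap, uint16_t id, const char *name,
                   uint16_t qtype, uint16_t edns_size)
{
    size_t nlen = strlen(name), n = 12;
    if (nlen == 0 || nlen > 253 || cap < 12 + nlen + 2 + 4 + 11) return 0;
    memset(buf, 0, 12);
    put16(buf, id);
    buf[2] = 0x01;                       /* RD=1 */
    put16(buf + 4, 1);                   /* QDCOUNT */
    put16(buf + 10, edns_size ? 1 : 0);  /* ARCOUNT counts the OPT record */
    while (*name) {                      /* encode length-prefixed labels */
        const char *dot = strchr(name, '.');
        size_t l = dot ? (size_t)(dot - name) : strlen(name);
        if (l == 0 || l > 63) return 0;
        buf[n++] = (uint8_t)l;
        memcpy(buf + n, name, l);
        n += l;
        name += l + (dot ? 1 : 0);
    }
    buf[n++] = 0;                        /* root label */
    put16(buf + n, qtype);
    put16(buf + n + 2, 1);               /* QCLASS = IN */
    n += 4;
    if (edns_size) {
        buf[n] = 0;                      /* OPT owner name: root */
        put16(buf + n + 1, 41);          /* TYPE = OPT */
        put16(buf + n + 3, edns_size);   /* CLASS field = UDP payload size */
        memset(buf + n + 5, 0, 6);       /* ext-rcode, version, flags, RDLEN */
        n += 11;
    }
    return n;
}

/* Decide what a stub must do with a UDP reply to query `id`. */
enum verdict check_reply(const uint8_t *r, size_t len, uint16_t id)
{
    if (len < 12 || !(r[2] & 0x80)) return RESP_REJECT;   /* short, or QR=0 */
    if (r[0] != (id >> 8) || r[1] != (id & 0xff)) return RESP_REJECT;
    if (r[2] & 0x02) return RESP_RETRY_TCP;               /* TC=1: truncated */
    return RESP_OK;
}
```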