DNS client, OT?

Danny Thomas d.thomas at its.uq.edu.au
Wed Feb 6 21:14:11 UTC 2008


On 07/02/2008, at 6:59 AM, Chris Buxton wrote:

> That's not how it works. It's up to the resolver logic to determine
> how to use the DNS servers provided. Older OSes used them in order.
> Newer OSes do not.

I believe that's the case for Windows but that unix resolvers still do
not detect when the first entry (or first/second, etc) stops working,
leading to resolution delays. ISC have explained that the processes
belonging to multiple untrusted users can't safely update, say, a file
with the result of their lookups so there's a global record of
name-server success/response time, which all resolver instances could
use. It would be possible to include the logic in the resolver
library, but each process would then have to learn the first
name-server was no longer working. That's why passing all resolver
lookups through a daemon such as a caching name-server or lwres is a
win, at the expense of that daemon needing to be supervised and
restarted if necessary lest all lookups slow down (the situation
without the daemon) or fail (if the daemon (127.0.0.1) is the only
entry in resolv.conf).

The simple safe alternative we'd like to see is RES_BLAST, in which  
the resolver sends the query to all name-servers listed in resolv.conf  
in parallel. We're mainly interested in doing so on our important  
servers. The downside of RES_BLAST is additional queries. There's also  
the issue that all name-servers should be consistent, but that applies  
whether or not RES_BLAST is used.

Danny
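
Added example, not part of the original message and not ISC resolver code: a sketch of the parallel-query behaviour the message calls RES_BLAST, sending one query to every name-server at once and taking the first reply whose source address and transaction ID match. The function names are hypothetical, and it assumes IPv4 and UDP only.

```python
import select, socket, struct, secrets, time

def parse_nameservers(resolv_conf_text):
    """Return the addresses on 'nameserver' lines, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, qtype=1):
    """Build a minimal recursive DNS query packet (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def blast_query(name, servers, port=53, timeout=2.0):
    """Send the same query to every server in parallel. Return (source, reply)
    for the first acceptable reply, or None if none arrives before the timeout.
    Items in `servers` are addresses or (address, port) pairs."""
    targets = [s if isinstance(s, tuple) else (s, port) for s in servers]
    packet = build_query(name)
    deadline = time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for target in targets:
            try:
                sock.sendto(packet, target)   # one extra query per listed server
            except OSError:
                pass                          # unreachable server: rely on the others
        while (remaining := deadline - time.monotonic()) > 0:
            ready, _, _ = select.select([sock], [], [], remaining)
            if not ready:
                break
            try:
                reply, source = sock.recvfrom(4096)
            except OSError:
                continue                      # error surfaced on the socket; keep waiting
            # Accept only a response (QR bit) from a queried server with our ID.
            if (source in targets and len(reply) >= 12
                    and reply[:2] == packet[:2] and reply[2] & 0x80):
                return source, reply
    return None
```

A dead first entry costs nothing here because no per-server timeout is waited out in sequence; the cost is the additional queries the message mentions.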


