DNS client, OT?
Danny Thomas
d.thomas at its.uq.edu.au
Wed Feb 6 21:14:11 UTC 2008
On 07/02/2008, at 6:59 AM, Chris Buxton wrote:
> That's not how it works. It's up to the resolver logic to determine
> how to use the DNS servers provided. Older OS's used them in order.
> Newer OS's do not.
I believe that's the case for Windows but that unix resolvers still do
not detect when the first entry (or first/second, etc) stops working,
leading to resolution delays. ISC have explained that the processes
belonging to multiple untrusted users can't safely update, say, a file
with the result of their lookups so there's a global record of
name-server success/response time, which all resolver instances could
use. It would be possible to include the logic in the resolver
library, but each process would then have to learn the first
name-server was no longer working. That's why passing all resolver
lookups through a daemon such as a caching name-server or lwres is a
win, at the expense of that daemon needing to be supervised and
restarted if necessary lest all lookups slow down (the situation
without the daemon) or fail (if the daemon (127.0.0.1) is the only
entry in resolv.conf).
The simple safe alternative we'd like to see is RES_BLAST, in which
the resolver sends the query to all name-servers listed in resolv.conf
in parallel. We're mainly interested in doing so on our important
servers. The downside of RES_BLAST is additional queries. There's also
the issue that all name-servers should be consistent, but that applies
whether or not RES_BLAST is used.
Danny
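
The parallel-query behaviour the post calls RES_BLAST, sketched as an added example (not code from the post, from ISC or from any resolver library). The function names, the IPv4-only sockets and the 2-second timeout are assumptions made for illustration.

```python
import os, select, socket, struct, time

def build_query(name, qid):
    """Minimal RFC 1035 query for an A record, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def blast_query(name, servers, timeout=2.0):
    """Send one query to every (ip, port) in servers at the same time.
    Returns (server, raw_reply) for the first acceptable reply, else None."""
    qid = int.from_bytes(os.urandom(2), "big")  # unpredictable query ID
    pkt = build_query(name, qid)
    socks = {}
    try:
        for addr in servers:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            try:
                s.connect(addr)  # connected UDP: replies from other sources are dropped
                s.send(pkt)
            except OSError:
                s.close()
                continue
            socks[s] = addr
        pending = set(socks)
        deadline = time.monotonic() + timeout
        while pending:
            left = deadline - time.monotonic()
            if left <= 0:
                break
            ready, _, _ = select.select(list(pending), [], [], left)
            if not ready:
                break
            for s in ready:
                try:
                    data = s.recv(4096)
                except OSError:  # e.g. ICMP port unreachable from a dead server
                    pending.discard(s)
                    continue
                # Accept only a response (QR bit set) carrying our query ID.
                if len(data) >= 12 and data[:2] == pkt[:2] and data[2] & 0x80:
                    return socks[s], data
        return None
    finally:
        for s in socks:
            s.close()
```

A silent first name-server costs nothing here because the lookup completes on the first valid reply from any listed server; the price, as the post notes, is one extra query per additional server.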