About root zones

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Jan 5 10:18:32 UTC 2012


>> On 02.01.12 17:03, Barry Margolin wrote:
>> >In that case, you probably shouldn't enable the option.  I'm not even
>> >suggesting that the option be on by default.
>> >
>> >Actually, does libresolv really use those other facilities?

>In article <mailman.665.1325598835.68562.bind-users at lists.isc.org>,
> Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>> highly depends on configuration of host.conf or nsswitch.conf, but
>> afaik hosts are preferred by default on most systems.
>>
>> >gethostbyname() does, but BIND probably shouldn't use that, because it
>> >loses data like TTLs.
>>
>> and that is one of the reasons why BIND does not (and apparently even
>> should not) use system libresolv and gethost* functions.

On 03.01.12 09:37, Barry Margolin wrote:
>Are we talking about the same libresolv?  I'm talking about functions
>like res_query(), which are very DNS-specific.  They return the raw DNS
>reply data, including details like TTL.
>
>gethostbyname() is the function that uses nsswitch.conf.

Yes, I've mistaken those two.

However, that brings us to another reason why BIND should not use the system
resolver: if someone messes it up (e.g. puts a bad entry in /etc/hosts), it
could mess up DNS.

Replicating configuration errors to DNS may also break things.

In fact, it may cause problems similar to those Peter Andreev is trying to
avoid.  And it may cause them independently of the nameserver used.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !


