Ed W <li...@wildgooses.com> wrote on 10/31/2012 09:03:14:
>
> On 31/10/2012 10:36, Tomalak Geret'kal wrote:
> > On 31/10/2012 10:35, Miroslav Lichvar wrote:
> >> On Wed, Oct 31, 2012 at 10:14:01AM +0000, Tomalak Geret'kal wrote:
> >>> Again, chrony doesn't need the TTL. Caching is handled by the
> >>> resolver.
> >>> getaddrinfo() blocking is a more concrete problem to solve - good
> >>> spot.
> >> I don't think getaddrinfo() does any caching, that has to be done in
> >> nscd or a local DNS server.
> >>
> > I didn't claim otherwise!
> >
> > Tom
>
> Then you need to be very careful that millions of routers out there
> don't suddenly start issuing DNS requests every few seconds because
> someone upgraded a firmware to include this new version of chrony and
> didn't notice the change in behaviour (not all Chinese/Taiwanese router
> board builders will read the English release notes...)

Please don't let me get blamed for starting that avalanche! :-)

> Remember unlike Windows it's much more normal to not have any DNS caching
> on Linux and rely on the nearest upstream (hopefully inside your
> infrastructure)

My distros (Fedora and previously RHL) have done local caching for as long as I can remember. I'd be surprised to see one that doesn't actually.

> I see that this is a very dangerous change.

I'm inclined to agree with this now. I posted the Q because chrony's behavior seemed at odds with most network services, but I can clearly see now there are some very good reasons for that. In our case, we've got our own internal radio-clock server so we're not using pool.ntp.org, but I certainly realize many installs are going to be pointing to some round-robin DNS setup.

IMHO I think the best strategy forward would be just leave things as they are, but perhaps add some warnings to the documentation and perhaps even run-time logs that the name resolution is a one-time deal. Run-time warnings could even point the user to a specific part of the docs explaining what was learned in this discussion.

In any case, I very much appreciate everyone's effort to make it better and/or explain the devil in the details. Thank you all.

--
John Florian