> >> It'll be confusing, but the fact of the matter is that the "OS service
> >> calls" are pretty broken for cases when you might have more than one
> >> hostname to resolve and might care about doing other things at the same
> >> time (like in a browser, say)
> >
> > I can understand why an OS wouldn't listen to this and they would be
> > right. A domain is exact not fuzzed.
>
> I have no idea what you mean there. I'm talking about a situation where
> you want to resolve foo.com, bar.cdn.com and resources.foo.com all in
> parallel. No fuzzing of any sort.
>

I was under the impression the problem was dotless hostnames conflicting with search. I don't see why multiple standard queries has any bearing, dns queries are cheap even though browsers do far more than they should pre-emptively by default (disabled in the OpenBSD firefox port by default after some enthusiastic discussion, shall we say).

> > As for using your own resolver that would be an extremely bad move
>
> Please go read the long existing discussions on this.

Please point me in the direction. At the moment I can only see bad things coming from that. I guess which made it a long discussion.

Before dnssec and unbound I used tcp only, udp queries were blocked by my firewalls. I had a way around it for Windows boxes but I guess an inbuilt dns resolver would have really annoyed me??

Take a step back when OpenBSD pioneered good dns randomisation, Mozilla's dns resolver wouldn't have done, I guarantee it though the packet filter would have probably fixed it up again. I just can't see how all situations could possibly be foreseen. OSs can have multiple resolvers themselves.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security