On Tue, May 31, 2016 at 09:38:51PM +0200, Martin Pitt wrote:
> > In the past, resolved would use a single shared cache for the whole
> > system, which would allow for local cache poisoning by unprivileged
> > users on the system. That's the reason why the dnsmasq instance we spawn
> > with Network Manager doesn't have caching enabled and that becomes even
> > more critical when we're talking about doing the same change on servers.

> Indeed Tony mentioned this in today's meeting with Mathieu and me --
> this renders most of the efficiency gain of having a local DNS
> resolver moot.

However, reducing the number of DNS queries with caching is not a
requirement. The request was for the local resolver to cache information
about upstream resolvers being *available*, so that each process would not
have to find out for itself that the primary DNS server is offline and fail
over (with annoying timeouts).

Running a cache with the local resolver causes problems that we don't have
solutions for. Correct is more important than fast, we should run without
caching.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
-- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
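
An added sketch (not code from this thread, systemd-resolved or dnsmasq) of the behaviour requested in the message above: the local resolver remembers that an upstream server timed out so later lookups skip it, while no answer is ever cached. The class name, the `send_query` callback, the 30-second holdoff and the 192.0.2.x addresses are assumptions made for the example.

```python
import time

class UpstreamSelector:
    """Remembers which upstream resolvers recently timed out. Caches no answers."""
    def __init__(self, upstreams, holdoff=30.0, clock=time.monotonic):
        self.upstreams = list(upstreams)   # configured order, primary first
        self.holdoff = holdoff             # seconds to avoid a failed upstream
        self.clock = clock
        self.down_until = {}               # upstream -> earliest retry time

    def candidates(self):
        now = self.clock()
        down = [u for u in self.upstreams if self.down_until.get(u, now) > now]
        up = [u for u in self.upstreams if u not in down]
        return up + down   # known-down servers are tried last, never dropped

    def resolve(self, name, send_query):
        """send_query(upstream, name) returns an answer or raises TimeoutError."""
        for upstream in self.candidates():
            try:
                answer = send_query(upstream, name)
            except TimeoutError:
                self.down_until[upstream] = self.clock() + self.holdoff
                continue
            self.down_until.pop(upstream, None)
            return upstream, answer   # handed to the client, stored nowhere
        raise TimeoutError("no upstream resolver answered")

def demo():
    """Constructed scenario: primary 192.0.2.1 is offline, then recovers."""
    now, attempts, offline = [0.0], [], {"192.0.2.1"}
    def send_query(upstream, name):   # stand-in for a real DNS query
        attempts.append((upstream, name))
        if upstream in offline:
            raise TimeoutError(upstream)
        return f"{name} via {upstream}"

    sel = UpstreamSelector(["192.0.2.1", "192.0.2.2"], clock=lambda: now[0])
    sel.resolve("a.example", send_query)   # pays the primary's timeout once
    sel.resolve("b.example", send_query)   # goes straight to the secondary
    sel.resolve("a.example", send_query)   # repeated name is forwarded again
    now[0] = 31.0                          # holdoff has expired
    offline.clear()                        # primary is back
    sel.resolve("c.example", send_query)   # primary is tried first again
    return attempts

if __name__ == "__main__":
    print(demo())
```

The only shared state is the per-upstream retry time, which is set by the resolver's own timeouts, so there is no answer cache for one local user to fill on behalf of another.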