:: Re: [DNG] how to clear DNS cache
Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] how to clear DNS cache
Quoting Jaromil (jaromil@???):

> for the record and the sake of historical correctness:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658


I install Debian so rarely (and always supply my own recursive
nameserver IP when I do) that I never noticed this policy decision. The
only good thing I can say about said policy is that it's easy to
override by the local sysadmin -- but really, DDs, if a service isn't
configured then the installer should default to no service, on the
Principle of Least Surprise. This shouldn't have been difficult for
them to figure out.

> there is however an issue we need to look at for Devuan: it seems the
> default dns resolver for our distribution is also back to 8.8.8.8, at
> least someone on irc backfired to this thread with this claim.
>
> despite this being a different change than just removing systemd, I
> clearly recall that with Nextime we agreed back at the time of that
> bug that we would not fall for this decision. So we should guard the
> default and change it again if necessary now.
>
> While at ISOC NL New Year's reception I'll use the dinner conversation
> to ask fellows at RIPE which public service dns they think are best.
> I do like the OpenNIC project, among their servers some already
> support dnscrypt.


I would suggest, if the installing sysadmin has opted to not configure
any DNS nameservice at all, i.e., was prompted for nameserver IP and
provided none, and also did not opt to have one given to the host
with a DHCP lease, then the installing sysadmin should be assumed to
_not want_ DNS nameservice on that machine.

Some situations don't call for DNS nameservice, e.g., a compute cluster
with only an isolated network might deliberately use only /etc/hosts
files, or a NIS or LDAP network might use that host-name information
service (plus /etc/hosts) and not use DNS.[1]

IMO, the sysadmin should not wake up one morning, read his/her NIDS
reports, and say 'Why are my Linux machines all trying to talk to Google
Public DNS (or OpenDNS, etc.)? I didn't configure that.'


[1] Last time I installed Solaris, it still defaulted that way. If you
don't furnish a nameserver IP or opt for DHCP, then there's not even a
DNS presence in nsswitch.conf .
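
An audit along the lines of the NIDS scenario in the message above, as an added example that is not part of the original message: it classifies a host from its resolv.conf and nsswitch.conf and flags nameservers that are well-known public resolvers. The resolver list, the function names and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example. Well-known public resolvers to flag (Google Public DNS, OpenDNS);
# this list is an assumption of the demo, extend it to match local policy.
PUBLIC_RESOLVERS="8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220"

# Print every "nameserver" address in a resolv.conf-style file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print the nameservers in file $1 that appear in PUBLIC_RESOLVERS.
public_resolvers_in() {
    for ns in $(list_nameservers "$1"); do
        for pub in $PUBLIC_RESOLVERS; do
            if [ "$ns" = "$pub" ]; then echo "$ns"; fi
        done
    done
}

# Succeed if the "hosts:" line of an nsswitch.conf-style file lists "dns".
hosts_uses_dns() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "dns") found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Print one verdict for a host, given its resolv.conf and nsswitch.conf:
#   no-dns            host lookups never consult DNS (files, NIS, LDAP only)
#   dns-unconfigured  nsswitch.conf lists dns but no nameserver is set
#   public-resolver   at least one nameserver is a known public resolver
#   local-resolver    DNS is in use and no public resolver is listed
audit_dns() {
    if ! hosts_uses_dns "$2"; then echo no-dns
    elif [ -z "$(list_nameservers "$1")" ]; then echo dns-unconfigured
    elif [ -n "$(public_resolvers_in "$1")" ]; then echo public-resolver
    else echo local-resolver
    fi
}

# Demo on constructed sample files (not taken from any real host).
demo() {
    d=$(mktemp -d)
    printf 'nameserver 8.8.8.8\n' > "$d/resolv.conf"
    printf 'hosts: files dns\n' > "$d/nsswitch.conf"
    audit_dns "$d/resolv.conf" "$d/nsswitch.conf"
    rm -rf "$d"
}
if [ $# -eq 2 ]; then audit_dns "$1" "$2"; else demo; fi
```

Run with two arguments, e.g. /etc/resolv.conf and /etc/nsswitch.conf, to audit a live host; a public-resolver verdict on a machine where nobody chose one is the surprise the message describes.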