:: Re: [DNG] how to clear DNS cache
Góra strony
Delete this message
Reply to this message
Autor: Alessandro Selli
Data:  
Dla: dng
Temat: Re: [DNG] how to clear DNS cache
Il 04/01/2017 20:45, Rick Moen ha scritto:
> Quoting Alessandro Selli (alessandroselli@???):
>
>> "Your network stinks. What DNS servers do you want to use?
> [amazing list, ending with:]
>
>> [ ] Pick random ones
>> [ ] Pick the geographically closest ones
>> [ ] No DNS configuration now
>>
>> Given there is choice, why artificially limit people's possibility to choose
>> how to skrew their networking up they way they enjoy it most? :-)
> But yet again, nobody is yet thinking to include what seems most obvious to me:
>
> [ ] Run Unbound as local recursive nameserver on this host.
> [ ] Run PowerDNS Recursor as local recursive nameserver on this host.
> [ ] Run BIND9 as local recursive nameserver on this host.
> [ ] Run dnscache as local recursive nameserver on this host.
> [ ] Run Deadwood as local recursive nameserver on this host.
>
> And I think that's a missed opportunity.


This is something that belongs to a different stage in the OS
installation, when:

1) the user determined that a DNS server must be installed;
2) that it has to run as a local recursive nameserver;
3) that a particular implementation of such a server must be installed.

I think most people will be either put off by such a question (the non
techies) or they will bemoan the amount of detailed questions they must
answer to get a basic system installed when they're in a hurry/have to
install a number of systems together.
This goes too far from solving the problem of getting a network
interface up and working in the shortest possible time imposing the
smallest possible amount of hassle on the user in order to get the
damned thing installed.
The installer must be quick, functional and easy, it must ask the
smallest possible number of questions and they must be questions
expressed in the easiest to understand terms and with the shortest
possible number of options. All the customization details and
fine-tuning options must be taken care of later, after the basic system
was set up and running. Of course there could be an option for an
expert installation, where one could choose the particular DNS server
that is to be installed, choose it's configuration (cache-only or
recursive nameserver, set forwarder servers), choose the firewall
settings, the web server to install, the web proxy to install, the
SMTP/IMAP, SNMP agent, Open{LDAP,VPN,SSH,iSCSI}, Kerberos, Tor, I2P,
$WHATEVER server that is to be installed and configured, *BUT!* let's
not stress the average Devuan guy too much flooding him/her of
questions, decisions, choices and settings that might eventually turn
out to be not those that best fit the system after installation is
finalized.

> Are people making the mistake of thinking they're require
> administration? They don't, you know. Unlike authoritative
> nameservers, there's nothing to administer.


Of course a local recursive DNS server too needs some administrative
attention, though it is simpler than an authoritative one. IMO,
installation of a recursive DNS server to me must be performed only
should the user explicitly ask for it in an expert installation
profile. The basic Devuan installation must carry the smallest possible
number of daemons to stay, well, *basic*. Let the user screw it up
later in the most imaginative and pervert possible way, after the reboot
though, not before.

And please keep in mind that in many Enterprise networks nodes are not
allowed to perform recursive queries on their own, they are instead
expected, and forced, to go through the organization's caching name
servers. And maybe, for all the most different reasons, in lousy hotel
networks, too! ;-)

> You set the daemon to run
> (and start it), you point /etc/resolv.conf to it (e.g., to 127.0.0.1 to
> make the local machine use it), and it runs itself. Finis. Nothing to
> adjust, nothing to administer. The distro installer could offer that,
> and make it so.
>
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng




--
Alessandro Selli <alessandroselli@???>
Tel. 3701355486
VOIP SIP: dhatarattha@???
Chiave PGP/GPG key: B7FD89FD