Author: Rick Moen
Date:
To: dng
Subject: Re: [DNG] how to clear DNS cache
Quoting Simon Hobson (linux@???):
> So, OK add it as an option in an advanced level install.
That would be pointless. I've already detailed why. This is just a
complicated way of saying 'We're not bothering'. If you-all don't want
to bother, fine. Do it the simple way, by doing nothing.
> So once again, it looks like we're in violent agreement once we work
> out what each other are talking about :-)
For better or worse, no.
> In the context I thought we were talking about, loading a local resolver will probably help a small number of people,
I (continue to) disagree. It would of a certainty help a large number
of people.
On my laptop, for example, I run an Unbound instance reached by loopback
because the machine goes a large number of places that, more often
than not, have notably dodgy or untrustworthy recursive nameservers.
Eschewing those nameservers gives me better performance, reliability,
and security. About a third of the time on a hotel wifi connection, I
wonder briefly why I'm not getting the login page and remember 'Oh yes.
Badly implemented captive portal' and comment out my nameserver line in
resolv.conf long enough to do login. Life is better, and I wonder why
an otherwise intelligent user community -- Linux users -- puts up with
terrible ISP and similar recursive nameservers when it's so easy to just
not outsource this essential function, one that Linux is uniquely
qualified to avoid outsourcing.
I even did the same on my workstation for my Operations Department at
$WORK _even though_ I ran all our PowerDNS infrastructure, because
it was essential that I be able to reasonably trust and use the machine
in front of me even if we had a security incident or company nameserver
downtime.
You don't see it. Which means we're wasting time talking.
> > A good DHCP-based network will of course point clients via the DHCP
> > option for same to a good local recursive nameserver -- preferably yours
> > rather than Google's. ;->
>
> I'd go so far as to say "any working DHCP" will do that - it doesn't need to be a "good" network, just a functional one !
The problem about accepting the offerings of _any_ working DHCP is that
it gets you _any_ recursive nameserver. _My_ nameservers (offered in my
own LAN's DHCP leases) don't have terrible performance, reliability, and
security, but generic, arbitrary recursive nameservers operated by
somebody-anybody-nobody-in-particular tend towards the opposite.
Why settle for bad when you can have excellent for free? But you don't
see it, so we're wasting time talking.
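As an added example (not part of this thread and not Rick's own setup), the script below does in code what the laptop anecdote above describes by hand: it reads a resolv.conf, tells you whether every configured nameserver is a loopback address (i.e. the local Unbound instance) or whether DHCP-offered external servers are in use, and performs the temporary "comment out the loopback nameserver, use the portal's DNS just long enough to log in" edit together with its exact reversal. The resolv.conf syntax handled (`nameserver`/`search`/`options` lines, `#` and `;` comments) is the usual glibc one; the sample file contents and the DHCP-offered address `192.0.2.53` (from the documentation range) are constructed for the example.

```python
"""Inspect and temporarily edit a resolv.conf the way the post describes.

Added example, not code from the original thread. It assumes the usual
resolv.conf syntax and that the local resolver (e.g. Unbound) listens on
a loopback address such as 127.0.0.1.
"""
import ipaddress

# Constructed sample: resolv.conf pinned to a local Unbound instance.
SAMPLE_LOCAL = """\
# Managed by hand; local Unbound instance on loopback
nameserver 127.0.0.1
options edns0 trust-ad
search example.net
"""

# Constructed sample: what a DHCP client typically leaves behind.
SAMPLE_DHCP = """\
# Generated by a DHCP client
nameserver 192.0.2.53
search example.net
"""

BEGIN = '# BEGIN captive-portal override'
END = '# END captive-portal override'
MARK = '#portal# '


def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf text, in file order."""
    servers = []
    for raw in text.splitlines():
        # Strip comments (both '#' and ';' styles) and surrounding whitespace.
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == 'nameserver' and len(parts) >= 2:
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed address: the resolver ignores it too
    return servers


def uses_local_resolver(text):
    """True when at least one nameserver is listed and all are loopback."""
    servers = parse_nameservers(text)
    return bool(servers) and all(s.is_loopback for s in servers)


def external_servers(text):
    """Nameservers that are not loopback, i.e. ones some DHCP handed us."""
    return [str(s) for s in parse_nameservers(text) if not s.is_loopback]


def captive_portal_override(text, dhcp_servers):
    """Comment out loopback nameserver lines and prepend the portal's servers.

    This is the temporary edit for captive-portal login; revert_override()
    restores the original file byte for byte.
    """
    block = [BEGIN] + ['nameserver %s' % ipaddress.ip_address(s)
                       for s in dhcp_servers] + [END]
    out = []
    for raw in text.splitlines():
        parts = raw.split()
        if parts and parts[0] == 'nameserver':
            try:
                addr = ipaddress.ip_address(parts[1])
            except (IndexError, ValueError):
                addr = None
            if addr is not None and addr.is_loopback:
                out.append(MARK + raw)  # keep the line, just disabled
                continue
        out.append(raw)
    return '\n'.join(block + out) + '\n'


def revert_override(text):
    """Undo captive_portal_override(): drop the added block, un-mark lines."""
    out, skipping = [], False
    for raw in text.splitlines():
        if raw == BEGIN:
            skipping = True
            continue
        if raw == END:
            skipping = False
            continue
        if skipping:
            continue
        out.append(raw[len(MARK):] if raw.startswith(MARK) else raw)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for name, text in (('local', SAMPLE_LOCAL), ('dhcp', SAMPLE_DHCP)):
        print(name, 'local resolver:', uses_local_resolver(text),
              'external:', external_servers(text))
    tmp = captive_portal_override(SAMPLE_LOCAL, ['192.0.2.53'])
    print(tmp)
    print('reverted cleanly:', revert_override(tmp) == SAMPLE_LOCAL)
```

Running the script against a real `/etc/resolv.conf` is a matter of `open('/etc/resolv.conf').read()` in place of the samples; the point of the marker lines is that the override is mechanically reversible, so the loopback pin comes back as soon as the portal login is done rather than whenever you remember it.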