From: Bob Proulx
Date: Thu, 13 Oct 2022 10:35:00 -0600
To: FreeBSD Questions Mailing List
Subject: Re: resolv.conf question

Dan Mahoney wrote:
> I really wish the DNS resolver libraries in the system stack
> supported quicker failover, or perhaps randomizing the list of
> servers.

All of that "fancy stuff" is done in the nameserver level. Meaning
that if that is desired then the answer is installing a local caching
nameserver. Or using a tightly coupled LAN one that can't fail.

There can be a significant amount of code to implement this behavior.
And differing opinions on the implementation. Enough to keep it out
of libc which should avoid those issues.

And also note that the resolver only reads resolv.conf at start up
time. Meaning that if changes are made any programs using it must be
restarted. Whereas changes to the nameserver are shared with all
clients of the nameserver immediately when the nameserver is
reconfigured.

> If you're falling back to the second line in your resolv.conf,
> something has gone terribly wrong.

Strongly agree!

> It's trivially easy to run an unbound caching resolver on localhost,
> and it gives you the benefit of DNSSEC as well.

+1

Bob
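
As an added example (not part of the message above and not FreeBSD's own code), a small sh/awk check of the two points raised in this thread: whether the first nameserver in resolv.conf is a local caching resolver, and how long a lookup stalls before it falls back to the second line. It assumes the usual libc stub resolver defaults of a 5-second per-server timeout and at most 3 nameserver entries; the function name `audit_resolv_conf` and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how the libc stub resolver
# would use a resolv.conf. Assumed defaults: only the first 3 nameserver
# lines are used, and each query waits 5 seconds ("options timeout:N"
# overrides this) before the next server is tried.

audit_resolv_conf() {
    # $1: path to a resolv.conf-style file; prints key=value findings.
    awk '
        BEGIN { timeout = 5; n = 0 }
        /^[#;]/ { next }                            # comment lines
        $1 == "nameserver" && NF >= 2 { ns[++n] = $2 }
        $1 == "options" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^timeout:[0-9]+$/) {
                    split($i, kv, ":"); timeout = kv[2] + 0
                }
        }
        END {
            # With no nameserver line the resolver queries the local host.
            first = (n > 0) ? ns[1] : "127.0.0.1"
            used = (n > 3) ? 3 : n                  # nameserver lines used
            is_local = (first ~ /^127\./ || first == "::1") ? "yes" : "no"
            print "first=" first
            print "local_cache=" is_local
            print "used=" used
            print "ignored=" (n - used)
            # Delay a lookup pays when the first server is down and a
            # second one exists; 0 means there is nothing to fall back to.
            print "fallback_delay=" ((used >= 2) ? timeout : 0)
        }
    ' "$1"
}

# Constructed sample: two remote servers, no local caching resolver.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, documentation addresses
search example.org
nameserver 192.0.2.53
nameserver 198.51.100.53
options timeout:3 attempts:2
EOF
audit_resolv_conf "$sample"
rm -f "$sample"
```

A `local_cache=no` result together with a non-zero `fallback_delay` describes the setup the thread warns about: every lookup made while the first server is down waits that many seconds before the second line is tried.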