>
> So far as I know the caching functionality in dnsmasq in that instance
> is disabled due to fears about cache poisoning, that I don't fully
> understand. My half understood fear translates into equivalent fears
> for other local dns daemons.


Which isn't near the issue that application-level caching is.  It seems to
be slowly getting better, but I've seen numerous apps (especially in
embedded space) cache resolved addresses seemingly forever.  We found this
at my day-job when dealing with dns-based failover between servers.

I greatly prefer to disable application-layer caching entirely, and rely on
a central caching resolver like dnsmasq in those environments (where we're
running local to dnsmasq, so it's very fast).

-Aaron