[Cerowrt-devel] Full blown DNSSEC by default?
woody77 at gmail.com
Mon Apr 14 05:29:23 EDT 2014
> So far as I know the caching functionality in dnsmasq in that instance
> is disabled due to fears about cache poisoning, that I don't fully
> understand. My half understood fear translates into equivalent fears
> for other local dns daemons.
Which isn't near the issue that application-level caching is. It seems to
be slowly getting better, but I've seen numerous apps (especially in
embedded space) cache resolved addresses seemingly forever. We found this
at my day-job when dealing with dns-based failover between servers.
I greatly prefer to disable application-layer caching entirely, and rely on
a central caching resolver like dnsmasq in those environments (where we're
running local to dnsmasq, so it's very fast).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Cerowrt-devel