On Sat, Apr 12, 2014 at 02:09:19PM +0800, P J P wrote:
> On Saturday, 12 April 2014 11:11 AM, William Brown wrote:
> Say I have freshly installed my fedora system at home. I then boot it up
> and start to use it. My laptop is caching DNS results all the while from
> the "unreliable" ISP.
>
> I then go to work and suddenly things don't work.
>
> Having a DNS cache doesn't fix your unreliable ISP: You need to lodge a
> complaint with your ISP.
What, no! that was the case for having local cache and not forwarding queries to the
ISP's name servers at all. Because those are not reliable.
I disagree. You can still do DNSSEC validation with a local caching
resolver and configure that local resolver to forward all queries to
the ISP. That should be tried first, and only bypassed and become a
full interative recursive querier bypassing the ISP resolvers if that
fails. We need to respect the DNS caching infrastructure by default.