In message <621227E8-9E03-11D8-A90C-000A9578C270@beer.org>, Herb Peyerl writes:
>
>On 4-May-04, at 1:35 PM, Steven M. Bellovin wrote:
>> The particular problem case is us.pool.ntp.org, which selects among a
>> large set of servers.  I suppose I could write a little daemon that
>> queries for it (and other important servers) after things are booted,
>> and changes the "static" entries in /etc/hosts...
>
>At the risk of causing offense, is there another nameserver you can put 
>at the bottom of your resolv.conf?
>
>Maybe your ISP's? 
>
Not easily, for several reasons.  First, the machine moves around, and 
from inside the corporate firewall I can't get to outside nameservers 
directly.  Second, web browsers seem to read resolv.conf once, at 
startup, which means it needs to be stable; 127.0.0.1 does the trick.  
(I have a bizarre script in /etc/dhclient-enter-hooks that replaces 
make_resolv_conf() with something that builds a named.conf file and 
then restarts named (and ntpd).  That usually works, though I sometimes 
encounter weird !@#$%^ hotel boxes that really want me to use a 
resolv.conf file instead.

Some of that goes back to an issue Erik Fair posed recently (on another 
mailing list, I think): there are too many components that bind too 
soon, and hence have to be restarted if the networking configuration 
changes.  He's right, though I don't see an easy general solution at 
the moment.

		--Steve Bellovin, http://www.research.att.com/~smb