Subject: Re: DNS Blacklist feature
To: M Graff <explorer@flame.org>
From: Giles Lean <giles.lean@pobox.com>
List: tech-kern
Date: 11/08/2007 08:45:38
M Graff <explorer@flame.org> wrote:
> I don't know how I feel about DNS blacklists, but I do feel it should
> not go in /etc/resolv.conf. That file is sort of "owned" by dhclient
> when I use it, and it's hard to change major parts of it.
I concur with my 2c.
This seems more like a job for a custom local DNS proxy than
it does the resolver code. Then it would also work for any
application that used /etc/resolv.conf but not the resolver
routines from libc.
Either way, I doubt that I'd use the proposed feature: unless
my ISP starts redirecting DNS traffic away from its true
destinations to their own servers I won't care what their
severs do. Since dialup days I've always run a local caching
server.
I've not measured recently (and it was probably three ISPs
ago) but a local caching server used to be both faster and
more reliable because it avioded the ISP's DNS server(s) as
a point of failure. Since then it ain't broke and I ain't
fixed it. :-)
Giles