On Aug 8, 2009, at 2:06 PM, Tonnerre LOMBARD wrote:
Salut, On Sat, Aug 08, 2009 at 07:23:38PM +0200, Alan Barrett wrote:It has been my practice for may years to have "127.0.0.1" as the only nameserver in /etc/resolv.conf. I highly recommend this practice. If I am behind a broken firewall or DNS interceptor, then I put the addresses DHCP told me about into "forwarders" in named.conf, not into resolv.conf.And your intention behind this is to be screwed if your local resolver breaks?
I have less trouble with that than with hotel firewalls not letting my own queries through.
--Steve Bellovin, http://www.cs.columbia.edu/~smb