On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote:
> On 2016/09/15 10:39, Remi Locherer wrote:
> > On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote:
> > > > > won't this also mean if it is not running I have to wait for the
> > > > > localhost attempt to fail before the resolver moves on?
> > > > > (ASR_STATE_NEXT_NS, etc.) so I slow everything down for a timeout?
> > > > 
> > > > Not if he connects to the TCP port 53 instead of the UDP; it looks like
> > > > rebound binds to both.
> > > 
> > > OK.  But I suspect this is multiple system-call roundtrip for everyone
> > > not running rebound.
> > 
> > What about this:
> > 
> > Add "rebound" as possible value to the lookup keyword in resolv.conf.
> > If this is set the libc resolver sends dns requests to the unix socket
> > /var/run/rebound.sock where rebound listens. rebound can use the
> > nameservers from /etc/resolv.conf without the risk of creating "loops".
> > 
> > Remi
> > 
> 
> Non-standard things in resolv.conf hurt; some programs parse this directly.

I did not think of this. Was there a big fallout in 2009 when the family
option was added? How do programs that parse /etc/resolv.conf directly deal
with "lookup yp"? (I know, lookup yp has been removed recently).
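
As an added illustration of the concern raised above (not code from this thread, from rebound, or from OpenBSD's libc): a small resolv.conf parser that contrasts a program which fails outright on an unfamiliar lookup source with one that records the value and carries on. The sample file is constructed, "yp" is treated as no longer known, and "rebound" is only the proposed value from the thread, not a real option.

```python
from dataclasses import dataclass, field

# Lookup sources the parser knows about. "yp" is deliberately left out to
# model a program written after its removal; "rebound" is only a proposal.
KNOWN_LOOKUP = {"bind", "file"}


@dataclass
class ResolvConf:
    nameservers: list = field(default_factory=list)
    lookup: list = field(default_factory=list)   # recognised sources, in order
    family: list = field(default_factory=list)   # e.g. inet6 inet4
    unknown: list = field(default_factory=list)  # tolerated but not acted on


def parse_resolv_conf(text, strict=False):
    """Parse resolv.conf text.

    strict=True models a third-party parser that aborts on a lookup source
    it does not understand (the breakage the thread warns about);
    strict=False keeps going and merely records what it did not recognise.
    """
    conf = ResolvConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        key, *vals = line.split()
        if key == "nameserver":
            conf.nameservers.extend(vals)
        elif key == "family":
            conf.family.extend(vals)
        elif key == "lookup":
            for v in vals:
                if v in KNOWN_LOOKUP:
                    conf.lookup.append(v)
                elif strict:
                    raise ValueError(f"unknown lookup source {v!r}")
                else:
                    conf.unknown.append(v)
        else:
            conf.unknown.append(key)  # unknown keyword, e.g. a future option
    return conf


# Constructed sample, not taken from any real system.
SAMPLE = """\
# example resolv.conf
nameserver 192.0.2.1
nameserver 2001:db8::1
lookup file bind rebound
family inet6 inet4
"""
```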
