/etc/hosts handling plugin for unbound
Petr Menšík
pemensik at redhat.com
Tue Jan 3 13:53:44 UTC 2023
On 30. 12. 22 0:54, Paul Wouters wrote:
> Would it be a TLD "primary.", or would it be
> primary.<yourdomainsuffix>. ?
>
> It's tricky loading /etc/hosts into a resolver for unqualified entries.
> I kinda hope that unbound would just ignore them. A quick test shows
> it will just override a real FQDN. So on my machine with "search nohats.ca"
> in /etc/resolv.conf, an entry in /etc/hosts for "www" will use whatever
> is in /etc/hosts and not what is in dns for www.nohats.ca.
I think /etc/resolv.conf is configuration exclusively for the dns plugin in
nsswitch/glibc. Any search inside does not apply to hosts entries. If
you specified www in /etc/hosts, then why shouldn't it reply to such a
name? Whatever was specified should also be loaded. It might be
configurable behavior for single-label names, but I would also serve
such names by default.
>
>> It seems to me it could be a special implementation of Cache DB
>> module. I admit I have never tried to use CacheDB module
>> yet.
>
> Not sure if this is worth the energy, when a simple systemctl restart unbound
> would also reread /etc/hosts. Sure you lose your cache, but I lost that
> battle a long time before when every interface change results in cache
> wipe.
>
> Paul
I have one picture here in the office related to it. I think if all networks
specify domains with local specific content and wipe only those
(sub)domain cache entries on disconnection (or re-connection), then the
rest of the cache does not have to be erased. But until we have a working
protocol to advertise such subdomains automatically and in a trustworthy way,
automatic cache flush is safe enough. Network Manager does not yet
support any RFC related to ADD IETF proposals related to it. No other
system seems to support something similar either. On a common
end-user device, flushing the whole cache is not a big issue IMO. It should be
avoided for servers, however.
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB