On Thu, Mar 15, 2018 at 05:05:24PM +0000, Simon Kelley wrote:
> 
> Anyone else have thoughts?
> 

I think this sort of thing introduces new behavior that is not supported
by any DNS standard.  Almost all of these resolv.conf-based dances
revolve around a handful of use cases:

1) Someone wants to pretend DNS is not a single namespace;
2) Someone wants a DNS server that selectively lies;
3) Someone wants a DNS server that pretends DNS is not a single
   namespace *and* that selectively lies.

In almost all of these circumstances, the correct answer is to have a
resolve service that lies and/or splits namespaces, separate from the
resolver that participates in the real DNS system on the internet, and
have the lying resolver query the real service when necessary.

The excuses for not taking this approach are myriad and invalid.

I dislike the extreme complexity introduced by this non-compliant
behavior, but I also have a stronger dislike for the social effects:
after growing used to the peculiarities of a specific Rube Goldberg
machine, users begin to assume that standards-compliant implementations
are 'wrong' and should be 'fixed.'  After a while, we wind up with
de-facto expectations that are deviant from standardized behavior, and
that's not a good situation for anyone.

However, I would have less of a problem if patches to introduce
non-standard behavior were maintained in contrib, with a big warning
that they are provided for the convenience of people who insist on doing
the wrong thing, but are not standards-compliant and should not be
treated as canonical behavior.

Regards,
khm


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to