Re: Patch for fixing the slow DNS lookup issue

[Jakub Hrozek]

On Fri, Jul 25, 2014 at 09:34:23AM +0100, David Drysdale wrote:
 How about the attached?
 

 From ede0f84b8e9cfe4eeaafb1c90e5fea006e19fe5e Mon Sep 17 00:00:00 2001
 From: David Drysdale drysd...@google.com
 Date: Fri, 25 Jul 2014 09:28:46 +0100
 Subject: [PATCH] CONTRIBUTING: add file to indicate mailing list is preferred

Looks good to me! (Although I'm not a native speaker)

 
 ---
  CONTRIBUTING | 11 +++
  1 file changed, 11 insertions(+)
  create mode 100644 CONTRIBUTING
 
 diff --git a/CONTRIBUTING b/CONTRIBUTING
 new file mode 100644
 index ..c7dda05db014
 --- /dev/null
 +++ b/CONTRIBUTING
 @@ -0,0 +1,11 @@
 +Contributing to c-ares
 +==
 +
 +The c-ares developers prefer patches to be sent to the c-ares mailing list
 +rather than receiving pull requests via GitHub.  So for suggested changes
 +please:
 +
 + - Subscribe to the mailing list at:
 + http://cool.haxx.se/mailman/listinfo/c-ares
 + - Use 'git format-patch' to generate patch files.
 + - Send the patches to the mailing list at c-ares@cool.haxx.se
 -- 
 2.0.0.526.g5318336
 

Re: Patch for fixing the slow DNS lookup issue

[Daniel Stenberg]

On Fri, 25 Jul 2014, David Drysdale wrote:


Pushed.  Hopefully it might help a bit.


Speaking of that, we have three old pull requests pending:

  https://github.com/bagder/c-ares/pulls

--

 / daniel.haxx.se

Re: Patch for fixing the slow DNS lookup issue

[Nikos Mavrogiannopoulos]

On Fri, 2014-07-25 at 11:13 +0200, Jakub Hrozek wrote:

https://github.com/bagder/c-ares/pulls
 
 https://github.com/bagder/c-ares/pull/16 - I will ask my RH colleagues
 about this. There is an effort around DNSSEC in Red Hat development now,
 but I admit my DNSSEC knowledge is very limited, so I don't feel
 qualified for a review. As a general note, this should be discussed with
 the libc folks at the libc-alpha list.

The co-ordination with the glibc folks would be nice to occur in order
to have a consistent way to read the trusted nameservers for dnssec.
These servers need to be marked separately in order to allow the system
administrator to trust the local verifying unbound server, and not the
dns server of the hotel he just got DHCP, for dnssec verification. This
is important as the patch adds non-validating dnssec support and relies
on the upstream server to do validation; the advantage is that it avoids
any crypto dependencies.

Unfortunately the (months-long) discussion on libc-alpha didn't end in
anything productive, hence I implemented what I thought best, i.e., a
separate resolv-sec.conf file. That part is separated from the rest of
the functionality (the last patch in pull request), and I'd be happy to
update it if you have a better idea.

If you have better communication skills than me you may want to resume
the discussion in libc-alpha (or some other libc people like the
freebsd). Nevertheless, in glibc my understanding is that they don't
plan to implement anything dnssec related anytime soon, so even if an
agreement is made that may not binding to them. Overall, I think it
would be nice for c-ares to have that functionality even if glibc
doesn't.

regards,
Nikos