On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote:
> > > won't this also mean if it is not running I have to wait for the localhost
> > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc.) so
> > > I slow everything down for a timeout?
> > Not if he connects to the TCP port 53 instead of the UDP; it looks like
> > rebound binds to both.
> OK. But I suspect this is multiple system-call roundtrips for everyone
> not running rebound.
What about this:
Add "rebound" as a possible value to the lookup keyword in resolv.conf.
If this is set, the libc resolver sends DNS requests to the Unix socket
/var/run/rebound.sock where rebound listens. rebound can use the
nameservers from /etc/resolv.conf without the risk of creating "loops".
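As an added sketch (not code from this thread, from rebound, or from OpenBSD's libc) of the routing decision the proposal describes: parse the lookup keyword, send to the socket when "rebound" is listed, and have rebound itself skip that step so it goes to the configured nameservers instead of back into its own socket. The struct, the function names, the in_rebound flag and the sample resolv.conf text are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define REBOUND_SOCK "/var/run/rebound.sock"   /* socket path proposed in the thread */
#define MAXNS 3
struct resolvconf {
    char ns[MAXNS][64];   /* nameserver entries, in file order */
    int nns;
    int lookup_rebound;   /* "rebound" appeared after the lookup keyword */
};

/* Constructed sample, not a real host's file. */
static const char sample_resolvconf[] =
    "# constructed sample\n"
    "lookup rebound file bind\n"
    "nameserver 192.0.2.1\n"
    "nameserver 192.0.2.2\n";

/* Parse resolv.conf text, keeping only the two keywords that matter here. */
static void parse_resolvconf(const char *text, struct resolvconf *rc)
{
    char buf[512], *line, *lsave, *tok, *tsave;

    memset(rc, 0, sizeof *rc);
    snprintf(buf, sizeof buf, "%s", text);
    for (line = strtok_r(buf, "\n", &lsave); line; line = strtok_r(NULL, "\n", &lsave)) {
        tok = strtok_r(line, " \t", &tsave);
        if (tok == NULL || *tok == '#')
            continue;
        if (strcmp(tok, "nameserver") == 0) {
            if ((tok = strtok_r(NULL, " \t", &tsave)) != NULL && rc->nns < MAXNS)
                snprintf(rc->ns[rc->nns++], sizeof rc->ns[0], "%s", tok);
        } else if (strcmp(tok, "lookup") == 0) {
            while ((tok = strtok_r(NULL, " \t", &tsave)) != NULL)
                if (strcmp(tok, "rebound") == 0)
                    rc->lookup_rebound = 1;
        }
    }
}

/* Where a query goes.  A normal libc caller honours "lookup rebound" and talks to
 * the Unix socket; rebound itself passes in_rebound=1, ignores that keyword and
 * goes straight to the configured nameservers, so it never loops back to itself. */
static const char *query_target(const struct resolvconf *rc, int in_rebound)
{
    if (rc->lookup_rebound && !in_rebound)
        return REBOUND_SOCK;
    return rc->nns > 0 ? rc->ns[0] : NULL;
}
```

With no nameserver line at all, query_target returns NULL for rebound, which a real daemon would have to treat as a configuration error rather than fall back to the socket.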