On 2016/09/15 10:39, Remi Locherer wrote:
> On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote:
> > > > won't this also mean if it is not running I have to wait for the localhost
> > > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so I
> > > > slow everything down for a timeout?
> > >
> > > Not if he connects to the TCP port 53 instead of the UDP; it looks like
> > > rebound binds to both.
> >
> > OK. But I suspect this is multiple system-call roundtrip for everyone
> > not running rebound.
>
> What about this:
>
> Add "rebound" as possible value to the lookup keyword in resolv.conf.
> If this is set the libc resolver sends dns requests to the unix socket
> /var/run/rebound.sock where rebound listens. rebound can use the
> nameservers from /etc/resolv.conf without the risk of creating "loops".
>
> Remi

Non-standard things in resolv.conf hurt; some programs parse this directly.