On 2016/09/16 11:40, Ted Unangst wrote:
> Dimitris Papastamos wrote:
> > By the way, what do you think about TCP caching support? I could send
> > a patch to do just that.
Caching sounds complicated, DNS is a bit of a minefield to handle,
you have to cope with things like compression - not that it's all that
hard to do, but it's been responsible for various crashes and worse
bugs over the years, it doesn't really sound like something that's
part of rebound's remit.

Do you mean just persistent TCP connections? That sounds simpler and
potentially quite handy.
> It seems unnecessary. tcp proxy support is there because it's necessary, but
> not because i think it's likely to be used. i'm pretty sure i never use it,
> except when i deliberately test that it's still working.
TCP for DNS is useful, not least because it's very easy to forward over
ssh. If you're stuck on a network that forcibly redirects DNS requests
to a broken local resolver, ssh-forwarding is about the simplest way
to point at a non-broken nameserver. It can also get through certain
types of packet loss (bad wifi networks..) a lot better than UDP.
> rebound isn't meant to be a replacement for unbound. it's just a piece of libc
> that lives somewhere else.