[Opera-Linux] Flushing the DNS cache?

[Eirik Byrkjeflot Anonsen]

Daniel Pittman <daniel at rimspace.net> writes:

> Eirik Byrkjeflot Anonsen <eirik at opera.com> writes:
>> Kenneth Crudup <kenny at panix.com> writes:
>
> [...]
>
>>> I dunno if it's 'cause of the way y'all are using libresolv (or similar),
>>> but it's appearing to take on the first DNS I use. Try it and see.
>>
>> I guess it is possible that the system resolver (which would be libc
>> on linux, I think) caches the dns server address.  But even in that
>> case, I would assume that it only caches it per application.
>>
>> I'd be very disappointed in the desktop team if they aren't leaving
>> the whole job of dns resolution to the system resolver.  We do cache
>> the addresses the dns server returns, but we should never have a
>> reason to know what the address of the dns server itself is.
>
> Well, if you cache the result yourself, and the team responsible for
> that code have done a decent job, they *can't* use the libc resolver.
>
> The default code doesn't return the TTL of results, just the result, so
> to be able to implement a correct DNS cache you must talk DNS
> directly...

You're right.  Though I'd argue that it is better that we overshoot
extremely short DNS TTL values than that we fail to use the system
resolver.  Particularly if our DNS cache is using reasonably small TTL
values anyway (like 5 or 10 minutes), the cases where it would cause
problems would be extremely limited.

Though it also depends on the reason for caching.  If we are caching
only for performance gains, using a 1-minute timeout would probably be
fine (and should cause minimal problems for anyone).  If we are
caching for security reasons (as Herman suggested), then it may
actually be correct to use a longer TTL than what the dns server
suggests.  (Technically, I think that's called "pinning" rather than
"caching").

The problems of not using the system resolver are much more serious
(consistent failures to look up host names in some setups).

eirik