Re: [RFC] DNS system upgrades

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 20 Feb 2013 22:15:07 -0700

On 02/20/2013 06:56 PM, Amos Jeffries wrote:

> I'm only proposing for now that dns_defnames directive be enabled *if*
> resolv.conf is loaded containing search directive and nothing is in
> squid.conf setting it explicitly.

Yes, that would make sense to me: If the admin wants to use resolv.conf,
we should use all of it by default.

>> I think there should be an easy way for an admin to disable all
>> /etc/resolv.conf use and rely on squid.conf settings exclusively. Use of
>> dns_nameservers may be a good trigger for that.
>>
>> In other words, I do not think Squid should pick up search clues from
>> /etc/resolv.conf when the admin explicitly configured dns_nameservers.
>> It feels like that would lead to messy configurations where the admin
>> will not know for sure where the information is coming from. We should
>> warn when options contradict each other.
>>
>> If there is a conflict, I think our preference should be towards "works
>> as expected" rather than "external DNS works as internal DNS (and so it
>> is easy to switch from the former to the latter)".

> ... which to me means Squid always loading resolv.conf first and obeying
> its instructions, then overriding particular aspects of that behaviour
> with squid.conf settings.

I see your point. However, it may be better to simplify expectations
when the admin starts tweaking things by using an "either resolv.conf or
squid.conf" principle. It would be unusual and unnatural, IMHO, to
specify domain names manually in squid.conf but then rely on resolv.conf
for "search" patterns, so I am guessing most admins would not expect that
kind of combination.

One possible solution to clarify choices and minimize complex
dependencies is to group these options. The admin would have to pick one
of the following two approaches:

    # either use these resolvers, with these options:
    dns_resolution \
        resolvers=ip1,ip2,ip3 \
        search=tld1,tld2 \
        ...

    # or use resolv.conf, possibly overwriting some of its settings:
    dns_resolution \
        config=/etc/resolv.conf \
        search=... \
        ...

with the following being the default (no overwriting):

    dns_resolution \
        config=/etc/resolv.conf

I may be missing some details here, but I hope the above illustrates the
overall approach.

This is just an idea/suggestion for your consideration. It is not meant
to block your proposal in any way.

Thank you,

Alex.
Received on Thu Feb 21 2013 - 05:15:24 MST
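
The either/or grouping proposed in the message above, modelled as an added example (not part of the original message and not Squid code). The dns_resolution directive is the hypothetical syntax sketched in the message; the function names, the `files` mapping and the sample resolv.conf are constructed, and rejecting resolvers= together with config= is an assumption about how the two approaches would be kept exclusive.

```python
DEFAULT_CONFIG = "/etc/resolv.conf"
# Constructed sample standing in for the filesystem (path -> contents).
SAMPLE = {DEFAULT_CONFIG: "# constructed sample\n"
                          "nameserver 192.0.2.53\n"
                          "search corp.example lab.example\n"}

def parse_resolv_conf(text):
    """Extract nameserver and search/domain entries from resolv.conf text."""
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        keyword, *values = line.split()
        if keyword == "nameserver" and values:
            nameservers.append(values[0])
        elif keyword == "search":
            search = values              # last search/domain line wins
        elif keyword == "domain" and values:
            search = [values[0]]
    return nameservers, search

def parse_directive(line):
    """Split 'dns_resolution key=v1,v2 ...' into {key: [v1, v2]}."""
    name, *pairs = line.replace("\\\n", " ").split()
    if name != "dns_resolution":
        raise ValueError("not a dns_resolution line")
    opts = {}
    for pair in pairs:
        key, _, value = pair.partition("=")
        opts[key] = [v for v in value.split(",") if v]
    return opts

def effective_dns(directive, files):
    """Resolve settings under the 'either resolv.conf or squid.conf' rule."""
    opts = parse_directive(directive)
    if "resolvers" in opts and "config" in opts:
        raise ValueError("resolvers= and config= are mutually exclusive")
    if "resolvers" in opts:
        # Explicit resolvers: resolv.conf is never read, so no search
        # list is silently inherited from it.
        return {"source": "squid.conf", "resolvers": opts["resolvers"],
                "search": opts.get("search", [])}
    path = (opts.get("config") or [DEFAULT_CONFIG])[0]
    nameservers, search = parse_resolv_conf(files[path])
    # Options given alongside config= overwrite what the file says.
    return {"source": path, "resolvers": nameservers,
            "search": opts.get("search", search)}
```

The `source` field in the result records where the settings came from, which is the ambiguity the grouping is meant to remove.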
