Talk:Domain name resolution

From ArchWiki

Some DNS servers flush the cache when the configuration changes

unbound and systemd-resolved flush the cache when the network configuration changes. However, dnsmasq with the default setup keeps its cache when the configuration changes. Is this information worth adding to the comparison table? -- Pdc (talk) 12:40, 3 March 2019 (UTC)

Implement DoT with stunnel on any server

Can't we use stunnel with any of the listed servers? I am not sure if it is possible to forward every query from the server to stunnel, or how to make every answer from the server go through stunnel (maybe use iptables?) -- Apollo22 (talk) 21:01, 25 May 2019 (UTC)

I don't know about this, I've yet to research in enough detail. What I'd really like to offer readers is a way they can replace insecure outbound DNS requests with a more trustless implementation of DNS-Over-HTTPS (or DoT). I say 'trustless' because what it would do is send the request to a few DNS servers, say four, and will wait for three identical responses before visiting that IP address. Is there anything that does this?
I think it is imperative that we have something like this. The amount of centralization that the internet has experienced is something I find dangerous for a number of reasons (Archaid (talk) 17:27, 16 September 2020 (UTC)).
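The 3-of-4 agreement check described in the comment above, as an added example that is not part of the original discussion and not an existing tool. The resolver callables, the function names and the sample addresses are constructed stand-ins for real DoH/DoT lookups.

```python
from collections import Counter


def quorum_resolve(name, resolvers, quorum=3):
    """Return the address set that at least `quorum` resolvers agree on.

    `resolvers` maps a label to a callable(name) -> iterable of IP strings
    (hypothetical interface; a real one would wrap a DoH or DoT client).
    Raises LookupError when no answer reaches the quorum (fail closed).
    """
    votes = Counter()
    for label, lookup in resolvers.items():
        try:
            # Compare as a set: round-robin DNS reorders the same records.
            answer = frozenset(lookup(name))
        except (OSError, LookupError):
            continue  # a timeout or failed lookup casts no vote
        if answer:
            votes[answer] += 1
    if votes:
        answer, count = votes.most_common(1)[0]
        if count >= quorum:
            return sorted(answer)
    raise LookupError(f"no {quorum}-of-{len(resolvers)} agreement for {name}")


def static(*ips):
    """Constructed stub resolver that always returns the given addresses."""
    return lambda name: list(ips)


def failing(name):
    """Constructed stub resolver that always times out."""
    raise TimeoutError("constructed timeout")


# Constructed sample: three resolvers agree, one returns a different address.
SAMPLE = {
    "r1": static("192.0.2.10", "192.0.2.11"),
    "r2": static("192.0.2.11", "192.0.2.10"),  # same set, different order
    "r3": static("192.0.2.10", "192.0.2.11"),
    "r4": static("203.0.113.66"),              # disagreeing answer
}

if __name__ == "__main__":
    print(quorum_resolve("example.org", SAMPLE))
```

Names served by CDNs or geo-aware DNS legitimately return different addresses to different resolvers, so a strict agreement rule like this fails closed for them and needs a fallback policy.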