Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Quoting Florian Weimer (email@example.com):
> lwresd is far less-tested than BIND, and tweaking the NSS configuration
> is something few people like to do.
Incidentally, the documentation for nss_lwres suggests the following
entry in /etc/nsswitch.conf, for Linux systems installing lwresd:
"hosts: files lwres [NOTFOUND=return] dns"
I had somehow missed lwresd's existence entirely, when I built my
catalogue of DNS nameserver implementations for Linux
(http://linuxmafia.com/faq/Network_Other/dns-servers.html), so I've
just written an entry, furnishing the above and other suggestions /
comments. (Entry may have errors, as I've not yet experimented with
lwresd, only read about it.)