Consider preferring the OS defaults for DNS resolution to ease deployment in DNS opinionated environments

[claudijd]

I ran into this issue in a DNS opinionated setup (which happens to be the default for some mozilla DCs) where no unauthorized outbound DNS is allowed unless it's from an authorized DNS server. In the case of an MDC1 deployment, this should always be 127.0.0.1 and it's not entirely clear.

I almost wonder if the default should be not to set this value and trust the OS DNS defaults and then leave the commented DNS configuration there is people want to use it?

[claudijd]

Lacking this results in the following error in the nginx logs...

2018/02/26 15:03:58 [error] 29809#29809: *1 [lua] openidc.lua:452: openidc_discover(): accessing discovery url (https://auth.mozilla.auth0.com/.well-known/openid-configuration) failed: auth.mozilla.auth0.com could not be resolved (110: Operation timed out), client: REDACTED, server: REDACTED, request: "GET / HTTP/1.1", host: "REDACTED"

[the-smooth-operator]

I hit the same problem while trying to test the proxy locally. Even if it's not a big deal and already documented in the code I think could be nice to add a note or some kind of troubleshooting doc specifying the error