Re: Disable ZeroConf: how to ?
Le vendredi 4 mars 2011 13:23:32, Ben Hutchings a écrit :
> On Fri, 2011-03-04 at 08:15 +0100, Tollef Fog Heen wrote:
> > ]] Ben Hutchings
> >
> > Hi,
> >
> > | On Thu, Mar 03, 2011 at 05:20:37PM +0100, Tollef Fog Heen wrote:
> > | > To the extent this is a bug, it's a bug in the resolver that it does
> > | > not treat names with dots in them as absolute, but relative. I know
> > | > this is how it's been done in the past, but perhaps changing that to
> > | > treating names with as absolute would be a better solution.
> > |
> > | echo >>resolv.conf options ndots:15
> >
> > Thanks for the suggestion, but this does not seem to do what I want, I
> > think?
> >
> > ndots:n
> >
> > sets a threshold for the number of dots which must appear in a name
> > given to res_query(3) (see resolver(3)) before an initial absolute
> > query will be made. The default for n is 1, meaning that if there
> > are any dots in a name, the name will be tried first as an absolute
> > name before any search list elements are appended to it. The value
> > for this option is silently capped to 15.
> >
> > I'd like it to not append the search list if there are dots at all.
>
> You could stop being lazy and type the dot on the end too. ;-)
>
> > so doing «getent hosts foo.bar» will only generate a query for
> > «foo.bar.», not for «foo.bar.$searchpath.»
>
> I misparsed your question because I assumed you were addressing the
>
> issue that Bastien pointed out in the message you replied to:
> > main security problem is resolver,
> > $host -v www.local
> > www.local
> > www.local.mydomain.com
>
> And I believe that the 'ndots' option does address that issue - to an
> extent. You still need DNSSEC or application-layer security to verify
> the answer, regardless of the presence of mDNS.
Not completly, it is a global default. I will prefer that mdns will be always solve as absolute name but want to use default for
dns
BTW ndots seems broken at least in my installation and https://bugs.launchpad.net/ubuntu/+source/linux/+bug/401202
Bastien
Bastien
Reply to: