
Re: Disable ZeroConf: how to ?



On Friday 4 March 2011 13:23:32, Ben Hutchings wrote:
> On Fri, 2011-03-04 at 08:15 +0100, Tollef Fog Heen wrote:
> > ]] Ben Hutchings
> > 
> > Hi,
> > 
> > | On Thu, Mar 03, 2011 at 05:20:37PM +0100, Tollef Fog Heen wrote:
> > | > To the extent this is a bug, it's a bug in the resolver that it does
> > | > not treat names with dots in them as absolute, but relative.  I know
> > | > this is how it's been done in the past, but perhaps changing that to
> > | > treating names with as absolute would be a better solution.
> > | 
> > | echo >>resolv.conf options ndots:15
> > 
> > Thanks for the suggestion, but this does not seem to do what I want, I
> > think?
> > 
> >   ndots:n
> >   
> >     sets a threshold for the number of dots which must appear in a name
> >     given to res_query(3) (see resolver(3)) before an initial absolute
> >     query will be made.  The default for n is 1, meaning that if there
> >     are any dots in a name, the name will be tried first as an absolute
> >     name before any search list elements are appended to it.  The value
> >     for this option is silently capped to 15.
> > 
> > I'd like it to not append the search list if there are dots at all.
> 
> You could stop being lazy and type the dot on the end too. ;-)
> 
> > so doing «getent hosts foo.bar» will only generate a query for
> > «foo.bar.», not for «foo.bar.$searchpath.»
> 
> I misparsed your question because I assumed you were addressing the
> issue that Bastien pointed out in the message you replied to:
> > main security problem is resolver,
> > $host -v www.local
> > www.local
> > www.local.mydomain.com
> 
> And I believe that the 'ndots' option does address that issue - to an
> extent.  You still need DNSSEC or application-layer security to verify
> the answer, regardless of the presence of mDNS.

Not completely, it is a global default. I would prefer that mdns always be resolved as an absolute name, but want to use the default for dns.

BTW ndots seems broken at least in my installation and https://bugs.launchpad.net/ubuntu/+source/linux/+bug/401202

Bastien
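
An added example, not part of the original message: a small Python model of the lookup order described in the resolv.conf(5) text quoted above, assuming every candidate fails so the whole list is walked. `mydomain.com` is the search domain from the quoted `host -v` output; the function names and the `no_search_if_dotted` flag are hypothetical.

```python
def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1                      # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] == "search":
            search = fields[1:]                # the last search line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[len("ndots:"):]), 15)  # capped at 15
    return search, ndots


def candidate_queries(name, search, ndots, no_search_if_dotted=False):
    """Names tried, in order, assuming every lookup fails.

    no_search_if_dotted models the behaviour asked for in the thread;
    it is a hypothetical policy, not an existing resolver option.
    """
    if name.endswith("."):                     # trailing dot: absolute only
        return [name]
    absolute = name + "."
    if no_search_if_dotted and "." in name:
        return [absolute]
    searched = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if name.count(".") >= ndots:               # enough dots: absolute first
        return [absolute] + searched
    return searched + [absolute]               # otherwise search list first


# Constructed sample configurations (search domain taken from the thread).
DEFAULT_CONF = "search mydomain.com\n"
NDOTS15_CONF = "search mydomain.com\noptions ndots:15\n"

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("ndots:15", NDOTS15_CONF)):
        search, ndots = parse_resolv_conf(conf)
        print(label, candidate_queries("www.local", search, ndots))
    print("trailing dot", candidate_queries("www.local.", ["mydomain.com"], 1))
```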