
Bug#683586: debian-installer: Please include rdnssd in d-i and base system to fully automatic IPv6 support



Package: debian-installer
Severity: normal
Tags: ipv6 d-i

I believe that rdnssd package (IPv6 recursive DNS server discovery daemon)
should be included in d-i as udeb or even used by default,
as well as installed by default in base system.

It is used for automatic configuration without DHCP (v6).

This is because indeed the kernel does autoconfiguration (SLAAC) by receiving
ICMP RA and properly adding addresses to interfaces on IPv6 enabled
networks, with proper routers. But this leaves other information from RA
packets unprocessed. This includes network domain name, ntp server names,
and DNS server addresses.

This is handled by rdnssd package:

Description-en: IPv6 recursive DNS server discovery daemon
 rdnssd autoconfigures recursive DNS servers on IPv6 networks
 using ICMPv6 Neighbor Discovery (RFC 5006), and can update the
 DNS resolvers configuration (/etc/resolv.conf) accordingly.


rdnssd doesn't have any dependencies besides libc6. It recommends
resolvconf for even better IPv6 support but it is optional.

It is fully automatic, essentially doesn't have any configuration
(besides an optional script which can be used for merging an already existing
resolv.conf when not using resolvconf package/system).

It has just a few files, the main binary written in C is just 16100 bytes on
i386, and consumes very little memory and CPU:

sredniczarny:~# ps aux  | grep rdnssd
root      2837  0.0  0.0   1960   268 ?        Ss   lip30   0:00 /sbin/rdnssd -u rdnssd -H /etc/rdnssd/merge-hook
rdnssd    2838  0.0  0.0   2176   516 ?        S    lip30   0:00 /sbin/rdnssd -u rdnssd -H /etc/rdnssd/merge-hook

It also starts extremely quickly:

sredniczarny:~# time /etc/init.d/rdnssd  start
[ ok ] Starting IPv6 Recursive DNS Server discovery Daemon: rdnssd.

real    0m0.074s
user    0m0.000s
sys     0m0.004s



So, please include rdnssd by default on all systems.

It would be a good idea to advise the security team on this matter, because
as a networked daemon it can be prone to remote attacks (both DoS and
remote exploits). It should be pretty safe, considering the simplicity of
the processing rdnssd is doing, but still some caution should be taken.


Regards,
Witek


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.5.0-t43-prod-dirty (SMP w/1 CPU core)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to pl_PL.UTF-8)
Shell: /bin/sh linked to /bin/dash
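
Added example, not part of the original report and not rdnssd's own code: a bounds-checked C parser for the RDNSS option (ND option type 25, RFC 5006) inside a Router Advertisement, which is the untrusted network input the security note in the report is about. The function name ra_rdnss, the output buffers and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RA_TYPE    134 /* ICMPv6 Router Advertisement */
#define RA_HDR_LEN 16  /* fixed RA header that precedes the options */
#define OPT_RDNSS  25  /* Recursive DNS Server option */

/* Constructed sample: RA header, then one RDNSS option (lifetime 1200 s,
 * server 2001:db8::53). The checksum is left zero and is not checked here. */
uint8_t sample_ra[40] = {
    134, 0, 0, 0, 64, 0, 0x07, 0x08, 0, 0, 0, 0, 0, 0, 0, 0,
    25, 3, 0, 0, 0, 0, 0x04, 0xb0,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x53 };
uint8_t dns[4][16]; uint32_t life; /* hypothetical demo output buffers */

/* Returns the number of addresses copied to out (at most max), or -1 when the
 * packet is malformed. *lifetime is that of the last RDNSS option seen. */
int ra_rdnss(const uint8_t *ra, size_t len, uint8_t out[][16], size_t max,
             uint32_t *lifetime)
{
    size_t off = RA_HDR_LEN, n = 0;
    if (len < RA_HDR_LEN || ra[0] != RA_TYPE || ra[1] != 0)
        return -1;
    while (off < len) {
        if (len - off < 2)
            return -1;                 /* truncated option header */
        size_t optlen = (size_t)ra[off + 1] * 8;
        if (optlen == 0 || optlen > len - off)
            return -1;                 /* zero length, or runs past the end */
        if (ra[off] == OPT_RDNSS) {
            if (optlen < 24 || (optlen - 8) % 16 != 0)
                return -1;             /* need 8 bytes + n * 16-byte addresses */
            *lifetime = (uint32_t)ra[off + 4] << 24 | (uint32_t)ra[off + 5] << 16
                      | (uint32_t)ra[off + 6] << 8 | ra[off + 7];
            for (size_t a = off + 8; a < off + optlen && n < max; a += 16)
                memcpy(out[n++], ra + a, 16);
        }
        off += optlen;
    }
    return (int)n;
}

int main(void)
{
    int n = ra_rdnss(sample_ra, sizeof sample_ra, dns, 4, &life);
    printf("servers=%d lifetime=%u\n", n, (unsigned)life);
    return n == 1 ? 0 : 1;
}
```

Every length taken from the packet is checked against the bytes actually received before it is used as an offset or copy size, and a zero-length option ends parsing instead of looping forever.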

