On Fri, 22.01.16 19:06, Florian Weimer (fweimer@xxxxxxxxxx) wrote:

> On 01/21/2016 11:18 PM, Orion Poplawski wrote:
>
> > PS - There is some other discussion around "mymachines" which seems much more
> > problematic. I'd like to just focus on myhostname for now. The glibc
> > maintainer has indicated that he wants to wait for mymachines to be resolved,
> > but it's almost two months now and I don't see that being resolved soon.
>
> I still have philosophical objections to myhostname as well. I find it odd
> that at one end, we struggle with DNS name space hijacking, but on
> another end, we do basically the same thing:
>
> <https://github.com/systemd/systemd/issues/2026>
>
> The order in nsswitch.conf does not matter (and neither does any non-DNS
> name resolution mechanism) because if we end up having software which
> expects that “gateway” resolves to the IP address of the default
> gateway, we still have an interoperability problem. And if “gateway” is
> never intended for name resolution, why synthesize the name at all?

nss-myhostname and systemd-resolved map the "gateway" name to the
addresses of the locally configured default routing gateway. Note that
we only do this for the single-label "gateway". As such it might
conflict with LLMNR names (which are all single-label names) as well
as search domain lists (which are generally applied to single-label
names), but generally not with classic DNS fqdns. This is because
A/AAAA RRs are generally not assigned to TLDs, and while that's not a
strict requirement (and in fact there are some TLDs which have A/AAAA
RRs, such as .dk), this is strongly recommended against by many
internet organizational bodies, including ICANN and IAB:

https://www.icann.org/resources/board-material/resolutions-new-gtld-2013-08-13-en
https://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/

They recommend against allowing TLDs with address RRs specifically
because they conflict with local uses of single-label domains, in the
contexts of search lists and systems such as LLMNR.

Now, with that background, which clearly suggests that single-label
names are subject to *local* interpretation, nss-myhostname resolves
"gateway" locally to the locally configured gateway, and I believe
that's completely within the idea and generally accepted logic of
single-label domains.

Now, you can argue this might create conflicts with search domain
logic and LLMNR, but well, the basic idea of LLMNR/search lists is
that it is non-organized, that it creates a very local view of the
world and subject to first-come-first-serve conflicts.

Lennart

--
Lennart Poettering, Red Hat
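Added example, not part of the original message and not systemd code: a small audit that checks whether the single-label name "gateway" on a host resolves to the default route (the mapping described above) or is answered by something else, such as a search domain or LLMNR. The sample route table, the function names and the result labels are constructed for illustration; it assumes Linux, IPv4 only, and a little-endian host.

```python
import socket
import struct

# Constructed /proc/net/route sample (tab-separated, hex fields); not from the thread.
SAMPLE_ROUTES = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
)
RTF_UP, RTF_GATEWAY = 0x1, 0x2  # route flags from <linux/route.h>


def default_gateways(route_table):
    """Return the IPv4 default-gateway addresses listed in /proc/net/route text."""
    gateways = set()
    for line in route_table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        dest, gw, flags, mask = fields[1], fields[2], int(fields[3], 16), fields[7]
        is_default = dest == "00000000" and mask == "00000000"
        if is_default and flags & RTF_UP and flags & RTF_GATEWAY:
            # Assumption: little-endian host, so the hex word is byte-reversed.
            gateways.add(socket.inet_ntoa(struct.pack("<I", int(gw, 16))))
    return gateways


def resolve_ipv4(name):
    """Resolve through the libc resolver, i.e. the nsswitch.conf 'hosts' chain."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def classify(resolved, gateways):
    """Compare what a single-label name resolved to with the default route."""
    if not resolved:
        return "unresolved"
    if resolved <= gateways:
        return "matches-default-gateway"
    return "answered-by-something-else"


if __name__ == "__main__":
    with open("/proc/net/route") as fh:
        gws = default_gateways(fh.read())
    print("gateway ->", classify(resolve_ipv4("gateway"), gws), sorted(gws))
```

A "matches-default-gateway" result only shows that the answer equals the default route; it does not prove which nsswitch.conf module produced it.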