On Fri, 22.01.16 19:06, Florian Weimer (fwei...@redhat.com) wrote:

> On 01/21/2016 11:18 PM, Orion Poplawski wrote:
> > PS - There is some other discussion around "mymachines" which seems much more
> > problematic.  I'd like to just focus on myhostname for now.  The glibc
> > maintainer has indicated that he wants to wait for mymachines to be resolved,
> > but it's almost two months now and I don't see that being resolved soon.
>
> I still have philosophical objections to myhostname as well.  I find it odd
> that at one end, we struggle with DNS name space hijacking, but on
> another end, we do basically the same thing:
>   <https://github.com/systemd/systemd/issues/2026>
> The order in nsswitch.conf does not matter (and neither does any non-DNS
> name resolution mechanism) because if we end up having software which
> expects that “gateway” resolves to the IP address of the default
> gateway, we still have an interoperability problem.  And if “gateway” is
> never intended for name resolution, why synthesize the name at all?

nss-myhostname and systemd-resolved map the "gateway" name to the
addresses of the locally configured default routing gateway. Note that
we only do this for the single-label "gateway". As such it might
conflict with LLMNR names (which are all single-label names) as well
as search domain lists (which are generally applied to single-label
names), but generally not with classic DNS fqdns. This is because
A/AAAA RRs are generally not assigned to TLDs, and while that's not a
strict requirement (and in fact there are some TLDs which have A/AAAA
RRs, such as .dk), this is strongly recommended against by many
internet organizational bodies, including ICANN and IAB:


They recommend against allowing TLDs with address RRs specifically
because they conflict with local uses of single-label domains, in the
contexts of search lists and systems such as LLMNR.

Now, with that background, which clearly suggests that single-label
names are subject to *local* interpretation, nss-myhostname resolves
"gateway" locally to the locally configured gateway, and I believe
that's completely within the idea and generally accepted logic of
single-label domains. Now, you can argue this might create conflicts
with search domain logic and LLMNR, but well, the basic idea of
LLMNR/search lists is that it is non-organized, that it creates a very
local view of the world and subject to first-come-first-serve


Lennart Poettering, Red Hat