Message-ID: <20151026153511.GE8645@brightrain.aerifal.cx>
Date: Mon, 26 Oct 2015 11:35:11 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Re: Would love to see reconsideration for domain and
 search

On Sun, Oct 25, 2015 at 06:26:43PM -0700, Isaac Dunham wrote:
> On Sat, Oct 24, 2015 at 06:02:15PM -0400, Rich Felker wrote:
> > The only place adding search support might negatively impact existing
> > musl users is by causing hostnames with no dots to be queried with the
> > (often useless and unwanted) default domain set by dhcp before
> > failing. My preference would probably be having musl default to
> > ndots=0 rather than ndots=1 so that search has to be enabled
> > explicitly. Are there any reasons this would be undesirable?
> 
> Could you explain what this all would mean to someone who has only a
> general understanding of how DNS works, a home network, and a desire
> to set up a local DNS server?
> 
> I have a couple use-cases in mind, which I think involve either the
> "search" or "domain" keywords in resolv.conf; I'll describe them in case
> they pertain.
> 
> 1: the university I attended had a bunch of resources which were available
> as sub-domains. The way DHCP/DNS/resolv.conf was set up, local sites
> (for example, http://myweb.csuchico.edu/) were available using only the
> bare subdomain (in the same example, http://myweb/); I forget whether
> they used "domain" or "search" for this. This was something I
> appreciated.

Yes, this is what adding search domain support would allow. Note that
with ndots=1, "myweb" would work, but "myweb.math" would not.

> 2: On my home network (configured via DHCP, no DNS server yet), I have a
> network printer that advertises itself using a name in the general format
> of MFC0000DEADBEEF (where 0000DEADBEEF is the MAC address, stripped of
> separators). It uses this hostname for DHCP and avahi.
> However, this name is only available for avahi clients like cups; I
> want to be able to access it by the same name from non-avahi programs
> like 'ping', 'links', etcetera, since it's rather annoying to have a
> 'magic' name that usually works in your printing daemon, but no way
> to map it to an IP for any troubleshooting/configuration tools.
> 
> Currently, I've got it set up so the printer has a static lease and I
> thus know the IP, but I want to use DNS because that's the only way all
> tools on all computers on the network will automatically know that
> MFC0000DEADBEEF is (for example) IP 192.168.255.255.
> It would be rather annoying to have some tools where I can use that name,
> and some where I need to specify "mfc0000deadbeef.local" instead.

Doing this requires running a local nameserver that joins the avahi
(mdns, I think) results under some domain you control with the global
dns namespace. I suspect dnsmasq or one of the other dns servers made
for home network use can do this but I haven't checked. In principle
it's even possible with BIND and some scripting to query mdns and use
the results to update dynamic dns entries but that's rather ugly.

Rich
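
The search/ndots behaviour discussed in this message, as an added example that is not part of the original post and is not musl's resolver code: a small model that parses a resolv.conf and lists the names that would be sent to the nameserver, in order, which shows when the DHCP-supplied domain gets appended. It assumes that a name with fewer than ndots dots is tried under each search domain and then as-is, while any other name is queried only as-is; the function names and the sample resolv.conf are constructed.

```python
# Added illustration: models the lookup order described in the message.
# Not musl's resolver code; names and sample data are constructed.

def parse_resolv_conf(text, default_ndots=1):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], default_ndots
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] in ("search", "domain"):
            search = fields[1:]          # the last such line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = int(opt[6:])
    return search, ndots


def query_order(name, search, ndots):
    """List the names that would be sent to the nameserver, in order."""
    # Assumption: a rooted name, or one with at least ndots dots, is
    # queried as-is only and never gets a search domain appended.
    if name.endswith(".") or name.count(".") >= ndots:
        return [name]
    # Otherwise each search domain is tried first, then the bare name.
    return [f"{name}.{d}" for d in search] + [name]


# Constructed sample: what a DHCP client might write on the campus network.
SAMPLE = """\
# written by dhcp client (constructed example)
search csuchico.edu
nameserver 192.0.2.53
"""

if __name__ == "__main__":
    for default in (1, 0):               # ndots=1 vs. the proposed ndots=0
        search, ndots = parse_resolv_conf(SAMPLE, default_ndots=default)
        for name in ("myweb", "myweb.math", "example.com."):
            print(f"ndots={ndots} {name!r:16} -> {query_order(name, search, ndots)}")
```

Under this model, a default of ndots=0 means no name is ever sent with the search domain appended unless resolv.conf carries an explicit `options ndots:N` line.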
