Message-ID: <20151026180831.GG8645@brightrain.aerifal.cx>
Date: Mon, 26 Oct 2015 14:08:31 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Re: Would not love to see reconsideration for domain and
 search

On Mon, Oct 26, 2015 at 05:41:48PM -0000, John Levine wrote:
> >Note that ndots=1 search is rather harmless as long as ICANN has a
> >prohibition on top-level domains resolving to an address.
> 
> That horse left the barn over 15 years ago:
> 
> https://www.rfc-editor.org/info/rfc7085
> 
> ICANN currently has a rule against it for generic TLDs, but they have
> no control over two-letter country codes, and as our RFC notes, a lot
> of ccTLDs have had A and MX records.

This is probably an argument for a default of ndots=0, to avoid a
regression looking up such names.

> I say currently because Google asked for an exception to put an A
> record to make http://search/ work, and it took some discussion before
> ICANN said no.  The no was as much about anti-competitive reasons, the
> default would be to Google's search engine, as the technical issues.
> If someone else asked, they'd probably say no, but it's not cast in
> stone.
> 
> In response to another question about search order, the default value
> of ndots is 1, so any domain name with at least one dot, such as
> frodo.cs, is looked up directly before it tries a search list.  You

This is the behavior on glibc and most/all other legacy
implementations. The proposed musl behavior would not search at all in
the dots>=ndots case.

> can set ndots to anything you want, but I expect that your users would
> not be happy if gmail.com and yahoo.com could be shadowed by local host
> names.

Indeed, users setting up search domains and ndots>1 need to be careful
that they control the contents of those domains and that they don't
shadow anything needed from the global scope. This was a lot easier
before the ridiculous arbitrary-string TLDs were added. IMO use of
search domains is pretty much an outdated idea (that poses serious
risks of future breakage) but without the global-to-search fallback
that legacy implementations have (i.e. with the proposed musl
implementation), at least the risk of breakage is isolated to
inability to resolve _new_ domains rather than failure to resolve
existing ones that previously worked.

Rich
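
The lookup orders discussed in this message, as an added example that is not part of the original post and is not musl or glibc code. The search domain `corp.example`, the sets of existing names and the function names are constructed for illustration; the order used below ndots (search list first, then the name as-is) is an assumption, since the message only describes the dots>=ndots case.

```python
def candidates(name, search, ndots, mode):
    """Ordered FQDNs a stub resolver would query for `name`.

    mode "legacy": glibc-style, falls back to the search list after the
    as-is lookup. mode "musl": the proposed behaviour, no search at all
    once dots >= ndots.
    """
    if name.endswith("."):            # trailing dot: absolute, never searched
        return [name]
    as_is = name + "."
    searched = [f"{name}.{d.strip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + searched if mode == "legacy" else [as_is]
    # Assumption: below ndots both modes try the search list first.
    return searched + [as_is]


def resolve(name, search, ndots, mode, existing):
    """First candidate present in `existing` (a constructed set of names)."""
    return next((c for c in candidates(name, search, ndots, mode)
                 if c in existing), None)


SEARCH = ["corp.example"]                      # constructed search list
LOCAL = {"gmail.com.corp.example.", "frodo.cs.corp.example."}
GLOBAL = {"gmail.com."}

if __name__ == "__main__":
    world = LOCAL | GLOBAL
    for ndots in (0, 1, 2):
        for mode in ("legacy", "musl"):
            for name in ("gmail.com", "frodo.cs"):
                print(ndots, mode, name, "->",
                      resolve(name, SEARCH, ndots, mode, world))
    # A global frodo.cs appearing later changes the legacy answer.
    later = world | {"frodo.cs."}
    print(resolve("frodo.cs", SEARCH, 1, "legacy", world), "then",
          resolve("frodo.cs", SEARCH, 1, "legacy", later))
```

With ndots=2 both modes return the local `gmail.com.corp.example.`, which is the shadowing case raised in the quoted text; with ndots=1 only the legacy mode ever answers `frodo.cs` from the search domain.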
