Rick Moen <[email protected]> wrote:

>> Even worse is when there isn't a
>> mechanism for turning this off.
>
> Well, not quite. if you know *ix at all[0]:
>
> # sed -i 's/^nameserver/#nameserver/' /etc/resolv.conf
>
>
> To disable system DNS (but not /etc/hosts) entirely:
>
> # cp /etc/nsswitch.conf /etc/nsswitch.conf-ORIGINAL
> # sed -i 's/dns//g' /etc/nsswitch.conf

OK, I stand corrected. But it's still having to manually "fix" something that wasn't (as people point out) broken for 30 years and now suddenly (and without warning) is now broken.

> Well, I would also _hope_ that you have NTP only if you elected to run
> it. Unlike covert distro-installer additions to /etc/resolv.conf, NTP
> involves running a network daemon.

Indeed. NTP is only something I have to install if I want it. But you are wrong in that the DNS thing is **not** an addition to resolv.conf - if it were then there would be a little less hate for it. It's the hidden nature of it that really annoys.

Arnt Gulbrandsen <[email protected]> wrote:

>> What is absolutely, 100%, not acceptable behaviour is what's been done - to
>> silently do something that no sane admin would expect, and many people have
>> objections to doing. Even worse is when there isn't a mechanism for turning
>> this off.
>
> You can also make a similar argument that if the software requests DNS
> lookups and nothing's been firewalled, then the **ONLY** correct behaviour is
> to fulfil the request.
>
> There is a contradiction here. An operation is requested and configured to be
> available in the firewall, but configuration blocks it elsewhere. Calling any
> particular behaviour a 100% solution is IMO naïve.

Taking the last bit first, I didn't say anything was 100% right - what I said was that one thing is 100% wrong. Big difference.

But the firewall thing is a red herring really. If I haven't configured a DNS resolver, then any software asking the "system" for DNS resolution should fail. I should not have to explicitly block it in a firewall to stop it, and what if there's no firewall - does that mean I'm implicitly allowing any software to do whatever it likes regardless of how I've configured it?

_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
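
An added example, not part of the original message or thread: a small shell audit of the two files the quoted commands edit, reporting whether `dns` is a `hosts:` source and how many uncommented `nameserver` lines exist, plus a token-exact way to drop `dns` that leaves sources such as `mdns4_minimal` intact. The function names and the sample files are constructed for illustration; the script reads only these two files, so it says nothing about resolvers configured anywhere else.

```shell
#!/bin/sh
# Added example. File paths are arguments so it can be tried on copies first.

# Sources listed on the "hosts:" line of an nsswitch.conf-style file, one per line.
hosts_sources() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Addresses on uncommented "nameserver" lines of a resolv.conf-style file.
active_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the file with only the exact token "dns" dropped from the hosts: line.
# Other lines, and tokens that merely contain "dns", pass through unchanged.
strip_dns_source() {
    awk '$1 == "hosts:" {
             out = $1
             for (i = 2; i <= NF; i++) if ($i != "dns") out = out " " $i
             print out; next
         }
         { print }' "$1"
}

# One-line summary: is "dns" a hosts source, and how many nameservers are active?
resolver_report() {
    if hosts_sources "$1" | grep -qx dns; then dns=yes; else dns=no; fi
    count=$(active_nameservers "$2" | grep -c . || true)
    echo "dns_source=$dns nameservers=$count"
}

# Constructed sample files (not taken from any real system).
make_sample() {
    printf '%s\n' 'passwd: files' \
        'hosts: files mdns4_minimal [NOTFOUND=return] dns' > "$1/nsswitch.conf"
    printf '%s\n' '#nameserver 192.0.2.1' 'nameserver 192.0.2.53' > "$1/resolv.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
resolver_report "$sample/nsswitch.conf" "$sample/resolv.conf"
strip_dns_source "$sample/nsswitch.conf" > "$sample/nsswitch.new"
resolver_report "$sample/nsswitch.new" "$sample/resolv.conf"
rm -rf "$sample"
```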
