On Mon, 14 Apr 2014, Daniel Migault wrote:

Please find draft-mglt-dnsop-search-list-processing-00.txt

It states:

  In order to make systems end up with the same search list, here are
   our recommendations:

   - 1)  If the search list results from a manual configuration, then
      DHCP Options MUST NOT automatically affect the search list.  More
      specifically, Domain Name derived from DHCPv4 Domain Name Option
      [RFC2132] or DHCPv6 Client FQDN Option [RFC4704] and DHCP Domain
      Search Option [RFC3397], [RFC3646] are ignored for the concerned
      of search list generation.  This follows the recommendations of
      [RFC3397] and [RFC3646].

   - 2)  If the search list is not manually configured, then DHCP
      Options MAY be considered.  DHCP Domain Search Option [RFC3397],
      [RFC3646] are considered.  If considered, the search list is only
      defined by these options and only these options.

   - 3)  In the absence of DHCP Domain Search Options, the search list
      is derived from the Domain that is the DHCPv4 Domain Name Option
      [RFC2132] or DHCPv6 Client FQDN Option [RFC4704].  If so, the
      search list is only constituted of the Domain name of the host.

   - 4)  If none of these options are provided, then the search list is
      empty and resolution are directly performed over the public DNS.

While I don't disagree that this has been historically the case, with
DNSSEC on the stubs we have new issues to tackle. In the old days, we
could use the DHCP obtained DNS server for resolving, so local names
would just work. Now we don't, so that approach needs additional
configuration. So I do not believe we can keep the above listed old
behaviour intact.

If I hook into a LAN internal.nohats.ca in the office, people expect
that to become part of their search domain. And obviously at a
coffee shop with open wifi, we really do not want to add anything
to the search domain. This is all closely related to interaction with
forwarders, and what we decide to forward (local name to local
nameservers only or everything?).

For a long discussion, see:

https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html

Paul
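
The four-step precedence quoted from the draft above, written out as an added example; it is not part of the original message or of the draft. The function and parameter names are hypothetical, and the `consider_dhcp` flag is an assumption that models the draft's "MAY be considered" together with the office versus open-wifi distinction raised in the reply.

```python
# Added illustration of rules 1-4 quoted from
# draft-mglt-dnsop-search-list-processing-00. All names are hypothetical.

def _norm(domains):
    """Lowercase, strip the trailing root dot, drop empties and duplicates."""
    seen, out = set(), []
    for d in domains or []:
        d = d.strip().rstrip(".").lower()
        if d and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def derive_search_list(manual=None, dhcp_search=None, dhcp_domain=None,
                       consider_dhcp=True):
    """Return (search_list, source) following rules 1-4 of the quoted draft.

    manual        -- administrator-configured list, or None if not configured
    dhcp_search   -- DHCP Domain Search Option contents (RFC 3397 / RFC 3646)
    dhcp_domain   -- domain from DHCPv4 Domain Name / DHCPv6 Client FQDN option
    consider_dhcp -- assumption: a client on an untrusted network passes False
    """
    # Rule 1: manual configuration wins; DHCP options are ignored.
    if manual is not None:
        return _norm(manual), "manual"
    if consider_dhcp:
        # Rule 2: the Domain Search Option alone defines the list.
        search = _norm(dhcp_search)
        if search:
            return search, "dhcp-domain-search"
        # Rule 3: fall back to the host's own DHCP-provided domain only.
        domain = _norm([dhcp_domain] if dhcp_domain else [])
        if domain:
            return domain, "dhcp-domain-name"
    # Rule 4: nothing usable, so the search list is empty.
    return [], "empty"


if __name__ == "__main__":
    # Constructed scenarios: an office LAN and an open wifi network.
    print(derive_search_list(dhcp_search=["internal.nohats.ca."]))
    print(derive_search_list(dhcp_search=["wifi.example"], consider_dhcp=False))
```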
