Peter,

From the resolv.conf man page:

http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5


"The domain and search keywords are mutually exclusive. If more than one
instance of these keywords is present, the last instance will override."

I believe what is happening is the search keyword is sticking centroid.eu
to probably everything. This isn't an issue with the code, it's a
misconfiguration.
Of course I could be horribly wrong and someone might come over and kick my
dog to teach me a lesson....
~Jeff



On Tue, Dec 24, 2013 at 9:33 AM, Peter J. Philipp wrote:

> On Tue, Dec 24, 2013 at 10:25:06AM -0500, Kenneth R Westerback wrote:
> > On Mon, Dec 23, 2013 at 02:37:47PM +0100, Peter J. Philipp wrote:
> > > I'm trying to track down the code in the libasr that causes this
> > > behaviour:
> > >
> > > Whenever I go to an IPv4 site and IPv6 query is made for domain+mydomain
> > > like a search.  So with logging turned on, on my nameserver I get this:
> > >
> > > pjp@americas$ grep canoe.ca.centroid.eu /var/log/all
> > > Dec 20 17:00:37 americas wildcarddnsd[29850]: request on descriptor 17
> > > interface "em0" from 212.114.242.132 (ttl=54, region=255) for
> > > "chealth.canoe.ca.centroid.eu." type=AAAA(28) class=1, answering "NXDOMAIN"
> > >
> > > The problem is that my nameservers are in China and Latin America and
> > > I'm sorta worried about these leaks.  This particular log came from my
> > > nameserver in Panama and the packet passes Miami.
> >
> > I'm not clear on what the leak you are worried about is.
> >
> > .... Ken
>
> Hi Ken, Merry Christmas!
>
> I was browsing http://chealth.canoe.ca when I saw the above log.  I'm
> supposing the resolver looks up chealth.canoe.ca, and then eventually does
> a lookup for chealth.canoe.ca.centroid.eu.  centroid.eu is the domain I
> configured in resolv.conf by means of DHCP.
>
> I'm wondering why it does that though?  Someone in the US, like the NSA,
> can then sit back and see my browsing habits, which I call a leak.  I'm
> hoping on finding the knob that turns this off.  The leak wouldn't happen
> if my centroid.eu nameservers were just in .de but then you can just
> replace NSA with BND the German intelligence sniffers (s/NSA/BND).
>
> I'd really just rather replace the function that allows
> chealth.canoe.ca.centroid.eu lookup to exit my DSL as all that should
> exit is a lookup for just chealth.canoe.ca, which takes a different
> lookup path in the Internet.
>
> Regards,
>
> -peter
>
> > >
> > > My resolv.conf file looks like this on the workstation here in Germany:
> > >
> > > jupiter$  more /etc/resolv.conf
> > > # Generated by re0 dhclient
> > > search centroid.eu
> > > nameserver 192.168.34.1
> > > domain centroid.eu
> > > lookup file bind
> > > family inet6 inet4
> > >
> > >
> > > The leak only happens with AAAA queries, like said.  Any hints on
> > > tracking this down and squelching it?
> > >
> > > Regards,
> > >
> > > -peter
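Added example, not part of the original thread and not libasr code: a small audit script that models the resolv.conf(5) search-list rules quoted above and lists which query names would leave the host for a given lookup. The function names are hypothetical; it assumes `domain X` acts as a one-entry search list, that `ndots` defaults to 1, and that a name with at least `ndots` dots is tried as-is before the search list is appended.

```python
# Added example: models resolv.conf(5) search-list semantics (an assumption
# about resolver behaviour, not a copy of libasr's implementation).
SAMPLE_RESOLV_CONF = """\
# Generated by re0 dhclient
search centroid.eu
nameserver 192.168.34.1
domain centroid.eu
lookup file bind
family inet6 inet4
"""  # the file quoted in the thread


def parse_search_list(text):
    """Return (search_list, ndots). 'domain' and 'search' are mutually
    exclusive; the last instance of either keyword overrides earlier ones."""
    search, ndots = [], 1  # assumed default: ndots:1
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not fields:
            continue
        key, args = fields[0], fields[1:]
        if key == "domain" and args:
            search = [args[0].rstrip(".")]
        elif key == "search" and args:
            search = [a.rstrip(".") for a in args]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = int(opt[6:])
    return search, ndots


def candidate_queries(name, search, ndots=1):
    """Names the stub resolver may send, in order. A trailing dot marks the
    name as fully qualified, so the search list is skipped."""
    if name.endswith("."):
        return [name]
    expanded = [f"{name}.{d}." for d in search]
    as_is = [name + "."]
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is


def leaked_names(name, search, ndots=1):
    """Candidates that carry an already multi-label name into a search
    domain's zone, where that zone's servers and the path to them see it."""
    if "." not in name.rstrip("."):
        return []  # single-label host: appending the search domain is intended
    return [q for q in candidate_queries(name, search, ndots)
            if q != name.rstrip(".") + "."]
```

With the file from the thread, the only extra name produced for `chealth.canoe.ca` is the one that appears in the nameserver log, and writing the name with a trailing dot produces none.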
