On Tue, Dec 24, 2013 at 12:09:18PM -0800, Jeff O'Neal wrote:
> Peter,
> 
> From the resolv.conf man page:
> 
> http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5
> 
> 
> "The domain and search keywords are mutually exclusive. If more than one
> instance of these keywords is present, the last instance will override."
> 
> I believe what is happening is the search keyword is sticking
> centroid.eu to probably everything. This isn't an issue with the code,
> it's a misconfiguration.

Jeff,

Maybe you're on to something, but the last instance is the domain keyword, not
the search.  I'll take that out of my resolv.conf.tail file where I believe
it is and watch the logs if I see any behaviour like this.  Give me a few
days...

Cheers,

-peter

> Of course I could be horribly wrong and someone might come over and kick my
> dog to teach me a lesson....
> ~Jeff
> 
> 
> 
> On Tue, Dec 24, 2013 at 9:33 AM, Peter J. Philipp <[email protected]> wrote:
> 
> > On Tue, Dec 24, 2013 at 10:25:06AM -0500, Kenneth R Westerback wrote:
> > > On Mon, Dec 23, 2013 at 02:37:47PM +0100, Peter J. Philipp wrote:
> > > > I'm trying to track down the code in the libasr that causes this
> > > > behaviour:
> > > >
> > > > Whenever I go to an IPv4 site an IPv6 query is made for domain+mydomain
> > > > like a search.  So with logging turned on, on my nameserver I get this:
> > > >
> > > > pjp@americas$ grep canoe.ca.centroid.eu /var/log/all
> > > > Dec 20 17:00:37 americas wildcarddnsd[29850]: request on descriptor 17
> > > > interface "em0" from 212.114.242.132 (ttl=54, region=255) for
> > > > "chealth.canoe.ca.centroid.eu." type=AAAA(28) class=1, answering "NXDOMAIN"
> > > >
> > > > The problem is that my nameservers are in China and Latin America and
> > > > I'm sorta worried about these leaks.  This particular log came from my
> > > > nameserver in Panama and the packet passes Miami.
> > >
> > > I'm not clear on what the leak you are worried about is.
> > >
> > > .... Ken
> >
> > Hi Ken, Merry Christmas!
> >
> > I was browsing http://chealth.canoe.ca when I saw the above log.  I'm
> > supposing the resolver looks up chealth.canoe.ca, and then eventually
> > does a lookup for chealth.canoe.ca.centroid.eu.  centroid.eu is the
> > domain I configured in resolv.conf by means of DHCP.
> >
> > I'm wondering why it does that though?  Someone in the US, like the NSA,
> > can then sit back and see my browsing habits, which I call a leak.  I'm
> > hoping to find the knob that turns this off.  The leak wouldn't happen
> > if my centroid.eu nameservers were just in .de but then you can just
> > replace NSA with BND the German intelligence sniffers (s/NSA/BND).
> >
> > I'd really just rather replace the function that allows
> > chealth.canoe.ca.centroid.eu lookup to exit my DSL as all that should
> > exit is a lookup for just chealth.canoe.ca, which takes a different
> > lookup path in the Internet.
> >
> > Regards,
> >
> > -peter
> >
> > > >
> > > > My resolv.conf file looks like this on the workstation here in Germany:
> > > >
> > > > jupiter$  more /etc/resolv.conf
> > > > # Generated by re0 dhclient
> > > > search centroid.eu
> > > > nameserver 192.168.34.1
> > > > domain centroid.eu
> > > > lookup file bind
> > > > family inet6 inet4
> > > >
> > > >
> > > > The leak only happens with AAAA queries, like said.  Any hints on
> > > > tracking this down and squelching it?
> > > >
> > > > Regards,
> > > >
> > > > -peter
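
Added example, not part of the thread and not libasr code: a small audit of the resolv.conf quoted above that applies the man page's "last instance will override" rule and lists the names a search-list resolver may send upstream. It assumes the conventional ndots search-list algorithm with ndots defaulting to 1 (whether libasr does exactly this for AAAA lookups is what the thread is trying to establish); the function names are hypothetical.

```python
# Constructed sample: the resolv.conf quoted in the thread.
SAMPLE = """\
# Generated by re0 dhclient
search centroid.eu
nameserver 192.168.34.1
domain centroid.eu
lookup file bind
family inet6 inet4
"""

def effective_search(text):
    """Return (keyword, domains, overridden) using 'last instance wins'."""
    seen = []
    for raw in text.splitlines():
        # Drop comments introduced by '#' or ';' before tokenising.
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if parts and parts[0] in ("domain", "search"):
            # 'domain' names one domain; 'search' names a list.
            names = parts[1:2] if parts[0] == "domain" else parts[1:]
            seen.append((parts[0], [n.rstrip(".").lower() for n in names]))
    if not seen:
        return None, [], []
    keyword, domains = seen[-1]
    return keyword, domains, seen[:-1]

def candidates(name, text, ndots=1):
    """Names the resolver may query, in order (later ones only on failure).

    Assumption: conventional search-list behaviour, not verified against libasr.
    """
    if name.endswith("."):
        return [name]  # fully qualified: the search list is not applied
    _, domains, _ = effective_search(text)
    expanded = [f"{name}.{d}." for d in domains]
    as_is = [name + "."]
    # Enough dots: try the name as typed first, then fall back to the list.
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is

def leaked(name, text, ndots=1):
    """Candidates that expose an already-dotted name to the search domain's servers."""
    bare = name.rstrip(".")
    return [c for c in candidates(name, text, ndots)
            if c != bare + "." and "." in bare]

if __name__ == "__main__":
    print(effective_search(SAMPLE))
    for host in ("chealth.canoe.ca", "chealth.canoe.ca.", "jupiter"):
        print(host, candidates(host, SAMPLE), leaked(host, SAMPLE))
```

For the file in the thread, the effective keyword is domain (it comes last), and an unanswered lookup for chealth.canoe.ca can fall through to chealth.canoe.ca.centroid.eu., which is the name seen in the nameserver log.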
