On Fri, 08.08.14 18:00, Mateusz Jończyk ([email protected]) wrote:

> Both issues could be solved by patching nss_myhostname:
> - some configuration file which specifies which IP addresses to expose for the
>   local hostname,
> - reverse resolution may also be configurable, for example we could ask DNS
>   only for the reverse resolution of local IP addresses (except for 127.0.0.1).

Humm. No. The entire idea of nss-myhostname is that it resolves the local hostnames to the local IP addresses, whatever they are, fully dynamically. It's supposed to be configuration-free, stuff that just works, and returns the right data without any manual intervention.

I mean, if adding a configuration file for this was desired: there's already one: /etc/hosts. Which has been used for this kind of stuff since time began. But the idea here was to make it unnecessary to ever configure something and just make it magically work.

> We may alternatively just give two recommendations:
> - for personal desktops and laptops, where the DNS server is on the ISP network,
>   myhostname should be first.
> - for servers and boxes on corporate, trusted networks (if such exist at all),
>   when the above advantages matter and are more important than security, dns
>   should be first.

No. People should just not assume any trust on name resolution unless DNSSEC or TLS or whatever else proves it.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
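The ordering question raised in the quoted recommendations ("myhostname should be first" versus "dns should be first") is decided by the `hosts:` line of `/etc/nsswitch.conf`. The following is an added example, not part of the thread and not systemd code: a small audit helper that parses that line and reports which of the two modules is consulted first for the local hostname. The function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample nsswitch.conf contents (not taken from the thread).
SAMPLE_DNS_FIRST = """\
# /etc/nsswitch.conf (constructed)
passwd: files
hosts:  files dns [NOTFOUND=return] myhostname
"""
SAMPLE_MYHOSTNAME_FIRST = "hosts: files myhostname dns\n"

def parse_hosts_line(text):
    """Return [(service, {status: action})] for the 'hosts' database."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.lower().startswith("hosts:"):
            continue
        entries = []
        # Tokens are either service names or bracketed action lists.
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", line[len("hosts:"):]):
            if tok.startswith("["):
                if entries:                      # actions modify the preceding service
                    for item in tok[1:-1].split():
                        status, _, action = item.partition("=")
                        entries[-1][1][status.upper()] = action.lower()
            else:
                entries.append((tok, {}))
        return entries
    return []

def local_hostname_source(text):
    """Relative order of dns and myhostname (other modules are ignored)."""
    names = [svc for svc, _ in parse_hosts_line(text)]
    if "myhostname" not in names:
        return "myhostname-absent"
    if "dns" in names and names.index("dns") < names.index("myhostname"):
        return "dns-first"
    return "myhostname-first"

def unreachable_after_return(text):
    """Services cut off by an earlier [NOTFOUND=return].

    Negated forms such as [!UNAVAIL=return] are parsed but not expanded here.
    """
    entries = parse_hosts_line(text)
    for i, (_, actions) in enumerate(entries):
        if actions.get("NOTFOUND") == "return":
            return [svc for svc, _ in entries[i + 1:]]
    return []
```

With `dns` ahead of `myhostname`, the answer for the machine's own name comes from whatever the DNS server returns, which is the trust assumption the reply above rejects.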
