On Mon, May 18, 2015 at 07:33:43PM +0200, Lennart Poettering wrote: > On Mon, 18.05.15 12:26, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote: > > > I now agree with what Lennart proposed too. This is partially implemented > > now, and with UseDomains=yes, option 15 is used to to set 'search' field. > > > > I think we should go a step further, and set UseDomains=yes by default, > > to have 'search' populated in /etc/resolv.conf. I think the security > > reservations are overstated: > > iiuc, the concern was that multi-level domain names (i.e. those with at > > least > > one dot) could be spoofed by controlling the search suffix. But for > > names with at least two levels glibc only uses the search list as a > > fallback. > > Well, sure, being able to influence things at the beginning of the > search logic is more problematic than influencing things at the end of > the search logic, but i still think it's problematic, since it still > allows you to insert "home.foobar.com" into a domain "foobar.com" that > doesn't have "home.foobar.com" itself but only "www.bar.com"... > > Sure, classic (non-DNSSEC) DNS is not ever going to be fully secure, > but it I still believe we should default to the safer options, and > allow the others. > > Altering the search paths is inherently something that makes no sense > on public networks, it only makes sense if you know your network well, > and trust it to some level. Hence opt-in sounds like the better option > to me. Ok, this makes a lot of sense... but currently this policy is not very consistent. UseDNS defaults to true, which gives control of *all* names to the dhcp server, not just over the prefix. When we have DNSSEC by default, this will be different though, so that's fine I guess.
OTOH, I really don't see why UseHostname default to true. Why trust the server in this regard? > > The story is sligthly different for single-level names. By setting > > UseDomains=yes > > we allow the dhcp server some control over the resolution of those names. > > But that seems natural too. If we want to allow LLMR or avahi, allowing > > the dhcp server to also control local name resolution seems a natural > > extension. > > > > Any reservations for making UseDomains=yes the default? > > I'd really prefer if this stays opt-in. That said, I think it would be > a really good idea to improve the documentation of DHCP= to suggest > people to set UseDomains=yes if they need it. I now pushed a commit which does that. Zbyszek _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
