> > 1. tcpdump -i any 'port domain'

> Shouldn't we also confirm here the hostname being queried? It should
> be the one without a final dot, right? And without the search domain
> appended.

There is no concept of "final dot" in DNS queries. At the low, protocol
level, all queries are always absolute / fully qualified. Each DNS
client maintains its search domain configuration separately and
privately, and all the search domain logic happens entirely in user
space libraries. tcpdump can't see whether search domains were used or
not.

Unfortunately, the search domain logic seems highly configurable and
variable over time, across resolvers on the same machine (even at the
same time), etc. So it seems quite hard to predict how many search
domains will be used / how many DNS queries will be issued; it could
vary across systems and/or over time.

> > => observe the NXDOMAIN noise over a couple few minutes
>  Observe where, in the nmcli terminal, tcpdump one, or logs? 

In tcpdump and journalctl -f (3rd terminal). nmcli doesn't know anything
about this. nmcli is only a testing means.

> What is an indication that things are ok, and what is an indication that they 
> aren't?
> [...]
> but I'm sorry, this test plan is not descriptive enough:

I'm afraid the problem is worse: I feel like the requirements are not
clearly defined and/or prioritized in the first place. What is most
important: minimizing DNS traffic? Or just minimizing logging noise? Or
babysitting "enterprise" firewalls that don't understand DNS? Or worse
"ossifications"[*]. You can't have it all. Among others, it depends on
which ossifications are acceptable versus not. None of those trade-offs
is up to me :-)

This being said, you could probably have the best of both worlds by (1)
supporting multiple URLs (NM change) and (2) querying with a final dot
first, and then without one if the first query failed due to some
ossified firewall. This NM change would help in other situations, see
above.

[*] https://lwn.net/Articles/745590/

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2148643

Title:
  [SRU] connectivity-check.ubuntu.com URL change?
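
An added example, not part of the original message or of NetworkManager: it encodes a DNS question the way it appears on the wire, showing that the name with and without a final dot yields identical bytes, so tcpdump cannot tell them apart. The `candidates` helper, its `ndots` rule (a simplified glibc-style policy) and the search domains are assumptions for illustration; as the message says, real resolvers vary.

```python
import struct

def encode_qname(name):
    """RFC 1035 QNAME: length-prefixed labels, terminated by the empty root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue  # the root name "." has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # root label: every name on the wire is absolute

def build_query(name, qtype=1, txid=0x1234):
    """Minimal query: 12-byte header (RD set, one question) plus the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN

def candidates(name, search, ndots=1):
    """Names a stub resolver may send, in order (assumed glibc-like policy)."""
    if name.endswith("."):
        return [name]  # final dot: the user-space library skips the search list
    absolute = name + "."
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [absolute] + expanded  # tried as-is first, then with search domains
    return expanded + [absolute]

HOST = "connectivity-check.ubuntu.com"
SEARCH = ["corp.example", "lan"]  # constructed sample search list

if __name__ == "__main__":
    same = build_query(HOST) == build_query(HOST + ".")
    print("identical wire bytes with/without final dot:", same)
    for label, name in (("no dot", HOST), ("final dot", HOST + ".")):
        print(label, "->", candidates(name, SEARCH))
```

The final dot only changes how many queries the library may issue when earlier ones fail; each individual query in a capture looks the same either way.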
