[systemd-devel] [PATCH] resolved: re-add support for getting local domain from DHCP

Lennart Poettering lennart at poettering.net
Thu Aug 14 04:47:16 PDT 2014


On Thu, 14.08.14 13:27, Tom Gundersen (teg at jklm.no) wrote:

> 
> On Thu, Aug 14, 2014 at 1:11 PM, Lennart Poettering
> <lennart at poettering.net> wrote:
> >
> > UseDomain= should have the effect of adding the domains from dhcp option
> > 15 and 119 to the list of domains for the interface. And
> > sd_network_get_link_domains() should then return a single list, of
> > deduplicated entries, with the domains specified in Domains= first, and
> > then the dhcp domains possibly added in at the end.
> >
> > Zbigniew, I think this simplification would be beneficial, as I really
> > don't see the need to make the search vs. route domain thing
> > configurable....
> >
> > Tom, what's your take on all of this?
> 
> 
> Sorry for taking forever to answer to this thread. I have been going
> back and forth in my mind about how this should look.
> 
> I think in the end I essentially agree with Lennart's last suggestion.
> Let's make this dead-simple and collapse the search/route domains for
> each link into a single list. I think this is fine given that we
> restrict the search behaviour to single-labels.
> 
> My only hesitation has been that I can imagine someone wanting to add
> search domains that do not imply anything about routing. However, I
> think in this case it does not make much sense to make this per-link,
> but it should rather be a global SearchDomains= option (in
> resolved.conf) or something to that effect.
> 
> Zbigniew, Michael, what do you think?

Tom reminded me of the fact now, that at the systemd hackfest in Brno
last week (which really was more a "talkfest") people suggested we
should actually make it possible that if you go to let's say
"xhamster.com" you never ever want this to be resolved via the redhat
VPN. That probably makes a lot of sense.

Hence, I would suggest adding a syntax of:

       [Network]
       Domains=*

which would have the effect to route all DNS traffic that is not
explicitly routed somewhere else to this interface.

Internally, this would just set a boolean, which could be queried with:

       int sd_network_link_get_wildcard_domain(int ifindex);

or so, which would return 0 or 1 or negative -errno...

But then again, this doesn't have to be there from day one, we can add
that later... But of course, I'd love to see this done early on, too,
after all the porn use case is a major one.

Lennart

-- 
Lennart Poettering, Red Hat
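
The per-link domain list and the Domains=* fallback discussed in this thread, as an added example that is not part of the original message and not systemd code. struct link, link_add_domains(), suffix_match() and route_query() are hypothetical names, and the longest-suffix rule for choosing between links is an assumption; the point is that a name no link claims goes only to the wildcard link and never to the VPN.

```c
#include <string.h>
#include <strings.h>

#define MAX_DOMAINS 8

/* Hypothetical per-link state: one merged domain list plus the wildcard flag. */
struct link {
    int ifindex;
    int wildcard;                       /* set by Domains=* */
    const char *domains[MAX_DOMAINS];   /* Domains= entries first, DHCP after */
    size_t n_domains;
};

/* Append entries to the link's list, skipping case-insensitive duplicates.
 * Call with the Domains= entries first, then the DHCP option 15/119 ones. */
void link_add_domains(struct link *l, const char **src, size_t n) {
    for (size_t i = 0; i < n && l->n_domains < MAX_DOMAINS; i++) {
        size_t j;
        for (j = 0; j < l->n_domains; j++)
            if (strcasecmp(l->domains[j], src[i]) == 0)
                break;
        if (j == l->n_domains)
            l->domains[l->n_domains++] = src[i];
    }
}

/* Length of domain if name equals it or ends in "." + domain, else 0.
 * The label-boundary check keeps "notcorp.example" out of "corp.example". */
static size_t suffix_match(const char *name, const char *domain) {
    size_t nl = strlen(name), dl = strlen(domain);
    if (dl == 0 || dl > nl || strcasecmp(name + nl - dl, domain) != 0)
        return 0;
    return (nl == dl || name[nl - dl - 1] == '.') ? dl : 0;
}

/* Return the ifindex a query for name is sent to, or -1 if no link takes it.
 * Explicit domains win (longest suffix, an assumption); otherwise the first
 * link with the wildcard flag gets everything not routed elsewhere. */
int route_query(const struct link *links, size_t n, const char *name) {
    int best = -1, fallback = -1;
    size_t best_len = 0;
    for (size_t i = 0; i < n; i++) {
        if (links[i].wildcard && fallback < 0)
            fallback = links[i].ifindex;
        for (size_t j = 0; j < links[i].n_domains; j++) {
            size_t len = suffix_match(name, links[i].domains[j]);
            if (len > best_len) {
                best_len = len;
                best = links[i].ifindex;
            }
        }
    }
    return best >= 0 ? best : fallback;
}
```

With no wildcard link configured, route_query() returns -1 for unclaimed names, so the caller has to decide the default explicitly instead of sending the query to every link.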

