[systemd-devel] [PATCH] resolved: re-add support for getting local domain from DHCP

Tom Gundersen teg at jklm.no
Thu Aug 14 05:31:48 PDT 2014


On Thu, Aug 14, 2014 at 1:47 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Thu, 14.08.14 13:27, Tom Gundersen (teg at jklm.no) wrote:
>
>>
>> On Thu, Aug 14, 2014 at 1:11 PM, Lennart Poettering
>> <lennart at poettering.net> wrote:
>> >
>> > UseDomain= should have the effect of adding the domains from dhcp option
>> > 15 and 119 to the list of domains for the interface. And
>> > sd_network_get_link_domains() should then return a single list, of
>> > deduplicated entries, with the domains specified in Domains= first, and
>> > then the dhcp domains possibly added in at the end.
>> >
>> > Zbigniew, I think this simplification would be beneficial, as I really
>> > don't see the need to make the search vs. route domain thing
>> > configurable....
>> >
>> > Tom, what's your take on all of this?
>>
>>
>> Sorry for taking forever to answer to this thread. I have been going
>> back and forth in my mind about how this should look.
>>
>> I think in the end I essentially agree with Lennart's last suggestion.
>> Let's make this dead-simple and collapse the search/route domains for
>> each link into a single list. I think this is fine given that we
>> restrict the search behaviour to single-labels.
>>
>> My only hesitation has been that I can imagine someone wanting to add
>> search domains that do not imply anything about routing. However, I
>> think in this case it does not make much sense to make this per-link,
>> but it should rather be a global SearchDomains= option (in
>> resolved.conf) or something to that effect.
>>
>> Zbigniew, Michael, what do you think?
>
> Tom reminded me of the fact now, that at the systemd hackfest in Brno
> last week (which really was more a "talkfest") people suggested we
> should actually make it possible that if you go to let's say
> "xhamster.com" you never ever want this to be resolved via the redhat
> VPN. That probably makes a lot of sense.
>
> Hence, I would suggest adding a syntax of:
>
>        [Network]
>        Domains=*
>
> which would have the effect to route all DNS traffic that is not
> explicitly routed somewhere else to this interface.
>
> Internally, this would just set a boolean, which could be queried with:
>
>        int sd_network_link_get_wildcard_domain(int ifindex);
>
> or so, which would return 0 or 1 or negative -errno...
>
> But then again, this doesn't have to be there from day one, we can add
> that later... But of course, I'd love to see this done early on, too,
> after all the porn use case is a major one.


As discussed off-list, I agree with adding this API / behaviour.

Cheers,

Tom
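
The routing rule discussed in this thread (a link's domains claim the names under them, and a link with `Domains=*` takes every query not explicitly routed elsewhere), sketched as an added example that is not systemd code and not from either poster. `struct link_cfg`, `route_query()`, the sample links and the longest-match tie-break are assumptions made for illustration; names are taken without a trailing dot.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical per-link state, not systemd's own structures. */
struct link_cfg {
    int ifindex;
    const char *const *domains; /* NULL-terminated, Domains= then DHCP domains */
    int wildcard;               /* 1 if Domains=* is set on this link */
};

/* Constructed sample: link 3 is a VPN, link 2 is the default uplink. */
static const char *const vpn_domains[] = { "corp.example", NULL };
static const struct link_cfg sample_links[] = { { 3, vpn_domains, 0 }, { 2, NULL, 1 } };

/* Length of domain if name equals it or ends in "." + domain, else 0. */
static size_t suffix_match(const char *name, const char *domain) {
    size_t n = strlen(name), d = strlen(domain);
    if (d == 0 || d > n || strcasecmp(name + (n - d), domain) != 0)
        return 0;
    if (n > d && name[n - d - 1] != '.')
        return 0; /* "notcorp.example" must not match "corp.example" */
    return d;
}

/* Returns the ifindex that should get the query, or 0 if no link claims it. */
int route_query(const struct link_cfg *links, size_t n_links, const char *name) {
    size_t best_len = 0;
    int best = 0, fallback = 0;
    for (size_t i = 0; i < n_links; i++) {
        if (links[i].wildcard && !fallback)
            fallback = links[i].ifindex; /* first Domains=* link is the catch-all */
        for (const char *const *d = links[i].domains; d && *d; d++) {
            size_t len = suffix_match(name, *d);
            if (len > best_len) { /* assumption: longest matching domain wins */
                best_len = len;
                best = links[i].ifindex;
            }
        }
    }
    return best ? best : fallback; /* explicit route first, wildcard otherwise */
}

int main(void) {
    printf("%d\n", route_query(sample_links, 2, "wiki.corp.example"));
    return 0;
}
```

With only the VPN link configured and no `Domains=*` link, an unrelated name gets no route at all (return value 0), which is the case where a resolver has to decide between failing the lookup and leaking it to some other interface.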

