[systemd-devel] Setting UseDomains=yes by default DHCP

Lennart Poettering lennart at poettering.net
Mon May 18 10:33:43 PDT 2015


On Mon, 18.05.15 12:26, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> I now agree with what Lennart proposed too. This is partially implemented
> now, and with UseDomains=yes, option 15 is used to set the 'search' field.
> 
> I think we should go a step further, and set UseDomains=yes by default,
> to have 'search' populated in /etc/resolv.conf. I think the security
> reservations are overstated:
> iiuc, the concern was that multi-level domain names (i.e. those with at least
> one dot) could be spoofed by controlling the search suffix. But for
> names with at least two levels glibc only uses the search list as a
> fallback.

Well, sure, being able to influence things at the beginning of the
search logic is more problematic than influencing things at the end of
the search logic, but I still think it's problematic, since it still
allows you to insert "home.foobar.com" into a domain "foobar.com" that
doesn't have "home.foobar.com" itself but only "www.bar.com"...

Sure, classic (non-DNSSEC) DNS is not ever going to be fully secure,
but I still believe we should default to the safer options, and
allow the others.

Altering the search paths is inherently something that makes no sense
on public networks, it only makes sense if you know your network well,
and trust it to some level. Hence opt-in sounds like the better option
to me.

> The story is slightly different for single-level names. By setting UseDomains=yes
> we allow the dhcp server some control over the resolution of those names.
> But that seems natural too. If we want to allow LLMNR or avahi, allowing
> the dhcp server to also control local name resolution seems a natural extension.
> 
> Any reservations for making UseDomains=yes the default?

I'd really prefer if this stays opt-in. That said, I think it would be
a really good idea to improve the documentation of DHCP= to suggest
that people set UseDomains=yes if they need it.

Lennart

-- 
Lennart Poettering, Red Hat
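The search-list behaviour the two posts argue about, as an added illustration that is not part of the thread or of systemd: a small model of the glibc stub resolver's candidate order (assuming the default ndots:1 and that search suffixes are only appended after the preceding lookup fails), run against a constructed zone in which "foobar.com" has no "home.foobar.com" record but a DHCP-supplied search suffix does.

```python
"""Model of glibc's search-list candidate order (constructed example, not glibc or systemd code).

With ndots:1 (glibc default) a name containing a dot is tried as an absolute
name first and the search list is only a fallback; a single-label name goes
through the search list first. An empty search list (UseDomains=no) means no
fallback at all.
"""


def candidate_queries(name: str, search: list[str], ndots: int = 1) -> list[str]:
    """Return the fully qualified names the stub resolver would try, in order."""
    if name.endswith("."):            # trailing dot: absolute name, never searched
        return [name]
    absolute = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:      # "multi-level" name: search list is a fallback
        return [absolute] + searched
    return searched + [absolute]      # single-label name: search list comes first


def resolve(name: str, search: list[str], zone: dict[str, str], ndots: int = 1):
    """Walk the candidates against a zone table; return (fqdn, address) or None on NXDOMAIN."""
    for fqdn in candidate_queries(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


# Constructed zone data. The legitimate domain only has www.foobar.com; the
# name home.foobar.com exists solely under a suffix a DHCP server could hand out.
ZONE = {
    "www.foobar.com.": "192.0.2.10",
    "printer.corp.example.": "192.0.2.20",
    "home.foobar.com.untrusted-search.example.": "203.0.113.5",
}
DHCP_SEARCH = ["untrusted-search.example"]   # what UseDomains=yes would install from option 15/119
NO_SEARCH: list[str] = []                    # what UseDomains=no leaves in resolv.conf


if __name__ == "__main__":
    # Absolute lookup of home.foobar.com fails, so the fallback suffix decides the answer.
    print(resolve("home.foobar.com", DHCP_SEARCH, ZONE))
    # Without a search list the same name simply does not resolve.
    print(resolve("home.foobar.com", NO_SEARCH, ZONE))
    # A name that really exists is unaffected: the absolute lookup wins first.
    print(resolve("www.foobar.com", DHCP_SEARCH, ZONE))
```

The second lookup returning nothing is the behaviour the opt-in default preserves; the first shows why a multi-level name is still reachable by the search list, just later in the order.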