[systemd-devel] Setting UseDomains=yes by default DHCP

Lennart Poettering lennart at poettering.net
Tue May 19 10:05:06 PDT 2015 

On Tue, 19.05.15 02:37, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> On Mon, May 18, 2015 at 07:33:43PM +0200, Lennart Poettering wrote:
> > On Mon, 18.05.15 12:26, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:
> > 
> > > I now agree with what Lennart proposed too. This is partially implemented
> > > now, and with UseDomains=yes, option 15 is used to to set 'search' field.
> > > 
> > > I think we should go a step further, and set UseDomains=yes by default,
> > > to have 'search' populated in /etc/resolv.conf. I think the security
> > > reservations are overstated:
> > > iiuc, the concern was that multi-level domain names (i.e. those with at least
> > > one dot) could be spoofed by controlling the search suffix. But for
> > > names with at least two levels glibc only uses the search list as a
> > > fallback.
> > 
> > Well, sure, being able to influence things at the beginning of the
> > search logic is more problematic than influencing things at the end of
> > the search logic, but i still think it's problematic, since it still
> > allows you to insert "home.foobar.com" into a domain "foobar.com" that
> > doesn't have "home.foobar.com" itself but only "www.bar.com"...
> > 
> > Sure, classic (non-DNSSEC) DNS is not ever going to be fully secure,
> > but it I still believe we should default to the safer options, and
> > allow the others.
> > 
> > Altering the search paths is inherently something that makes no sense
> > on public networks, it only makes sense if you know your network well,
> > and trust it to some level. Hence opt-in sounds like the better option
> > to me.
>
> Ok, this makes a lot of sense... but currently this policy is not very
> consistent.  UseDNS defaults to true, which gives control of *all* names
> to the dhcp server, not just over the prefix. When we have DNSSEC by default,
> this will be different though, so that's fine I guess.
> 
> OTOH, I really don't see why UseHostname default to true. Why trust the
> server in this regard?

Well, we use it to initialize the "transient" hostname managed by
hostnamed with. And the "transient" hostname is irrelevant if there's
a static one defined, since the static hostname overrides the
transient one.

or in other words: usehostname has only very weak effects: it
propagates to the kernel hostname only if you have no manual
configuration...

Lennart

-- 
Lennart Poettering, Red Hat

More information about the systemd-devel mailing list