From: Tim Hockin <thockin@google.com>
To: musl@lists.openwall.com
Subject: Re: Re: Would love to see reconsideration for domain and search
Date: Mon, 26 Oct 2015 17:37:20 -0700 [thread overview]
Message-ID: <CAO_RewZ4aWOdd6SZMDsFxYijJoThsE7FSVHxgCCauH1JriQ3Yw@mail.gmail.com> (raw)
In-Reply-To: <20151027003021.GN8645@brightrain.aerifal.cx>
wrt 2) my understanding is that you get at-most-one-of `search` or `domain`.
On Mon, Oct 26, 2015 at 5:30 PM, Rich Felker <dalias@libc.org> wrote:
> On Fri, Oct 23, 2015 at 01:31:09AM -0400, Rich Felker wrote:
>> > > BTW I think there are other strong reasons to move to a model based on
>> > > a local nameserver that does the unioning, not just performance. The
>> > > most compelling is DNSSEC, which requires a trusted channel between
>> > > the nameserver and the stub resolver in order for results to be
>> > > meaningful/trusted. In the future everybody should be running a
>> > > nameserver on localhost to do DNSSEC signature validation. In that
>> > > scheme, resolv.conf would just contain 127.0.0.1 (or could be omitted
>> > > entirely since that's the default, at least on musl).
>> >
>> > I can see a local nameserver doing resolution, but doing search
>> > expansion seems like a stretch (and superfluous since it is local).
>>
>> Search would also get a lot of performance benefit from doing in the
>> caching nameserver, but I agree with your assessment that it's a
>> separate issue and that there's no _need_ to do it at that level to
>> ensure correctness. So for now let's focus on a plan for adding
>> suitable search domain support in musl.
>>
>> I believe search only affects DNS queries, not hosts file lookups,
>> right? So it should be at the name_from_dns stage in lookup_name.c.
>> The simplest implementation approach is probably to wrap name_from_dns
>> with a name_from_dns_search function that reads the search domains and
>> repeatedly calls name_from_dns until it gets success.
>
> I noticed in the process of trying to draft code to do this that there
> will be a lot of code duplication with the resolv.conf parsing in
> res_msend.c, and that this code has some stupid bugs (for example it
> stops parsing after it gets 3 nameservers, so it might miss options
> later in the file), so I think I'll take a look at factoring it into a
> new function to gather all the interesting information from
> resolv.conf that can be used in both places.
>
> A couple additional things I noticed from resolv.conf(5):
>
> 1. The default domain used by glibc is not the dns root but rather the
> domain portion of the local hostname determined by gethostname().
> Is there any value in duplicating this? Does anyone want/need it?
>
> 2. It's not clear from the documentation of "search" whether its
> presence overrides/suppresses the "domain" (default or set by
> resolv.conf) or adds additional searches before or after it. Which
> should it do?
>
> While glibc/legacy behavior is worth looking at, I don't think we need
> to look at things from a standpoint of exactly duplicating that.
> Meeting real-world modern application needs while avoiding
> inconveniencing users with stupid/unwanted behavior should be the
> primary goal.
>
> Rich
next prev parent reply other threads:[~2015-10-27 0:37 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-22 21:24 Tim Hockin
2015-10-22 21:56 ` Rich Felker
2015-10-22 22:36 ` Tim Hockin
2015-10-22 23:00 ` Josiah Worcester
2015-10-22 23:37 ` Tim Hockin
2015-10-23 4:27 ` Rich Felker
2015-10-23 5:13 ` Tim Hockin
2015-10-23 5:31 ` Rich Felker
2015-10-23 5:37 ` Tim Hockin
2015-10-23 6:00 ` Rich Felker
2015-10-23 6:04 ` Tim Hockin
2016-01-29 0:57 ` Rich Felker
2015-10-27 0:30 ` Rich Felker
2015-10-27 0:37 ` Tim Hockin [this message]
2015-10-27 0:45 ` Rich Felker
2015-10-27 8:11 ` u-uy74
2015-11-28 22:48 ` Jan Broer
2015-11-28 23:20 ` Rich Felker
2015-11-29 3:06 ` Jan Broer
2016-01-29 0:58 ` Rich Felker
2015-10-26 2:14 ` Re: Would not " John Levine
2015-10-26 5:14 ` Tim Hockin
2015-10-26 16:16 ` Rich Felker
2015-10-26 17:41 ` John Levine
2015-10-26 18:08 ` Rich Felker
2015-10-23 8:12 ` Re: Would " u-uy74
2015-10-23 9:35 ` Laurent Bercot
2015-10-23 12:23 ` Laurent Bercot
2015-10-23 15:57 ` Tim Hockin
2015-10-23 5:26 ` Kurt H Maier
2015-10-24 21:33 ` Tim Hockin
2015-10-24 21:57 ` Kurt H Maier
2015-10-24 23:31 ` Rich Felker
2015-10-24 22:02 ` Rich Felker
2015-10-24 22:32 ` Tim Hockin
2015-10-25 8:20 ` u-uy74
2015-10-25 13:06 ` Jan Broer
2015-10-25 13:19 ` u-uy74
2015-10-25 13:39 ` Jan Broer
2015-10-25 14:08 ` u-uy74
2015-10-25 19:08 ` Rich Felker
2015-10-26 1:26 ` Isaac Dunham
2015-10-26 15:35 ` Rich Felker
2015-10-23 15:30 Jan Broer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAO_RewZ4aWOdd6SZMDsFxYijJoThsE7FSVHxgCCauH1JriQ3Yw@mail.gmail.com \
--to=thockin@google.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).