New ZeroConf Spec

[Dick Davies]

On 27/07/06, Scott Dier <dieman at ringworld.org> wrote:

> Well, if someone goes off and puts in .local as one the searchable
> domains, imagine if a nameserver didn't respond for www.ubuntu.com, but
> a mdns responder responded for www.ubuntu.com.local? (is this possible?)
>
> Can a similar thing happen for www.local?  ie: someone just puts in www
> and ends up with some random webserver a party configured its name as www?
>
> http://0pointer.de/lennart/projects/nss-mdns/#documentation
> ---
> libnss_mdns{4,6,}_minimal.so (new in version 0.8) is mostly identical to
> the versions without _minimal. However, they differ in one way. The
> minimal versions will always deny to resolve host names that don't end
> in .local or addresses that aren't in the range 169.254.x.x (the range
> used by IPV4LL/APIPA/RFC3927.) Combining the _minimal and the normal NSS
> modules allows us to make mDNS authoritative for Zeroconf host names and
> addresses (and thus creating no extra burden on DNS servers with always
> failing requests) and use it as fallback for everything else.
> ---
>
> I wouldn't feel too bad about *only* using the minimal module if it were
> adjusted to only allow .local and addresses for locally routable
> networks (ie, no gateway required based on routes).  I don't think
> allowing mdns to respond with anything but .local addresses is prudent.
> (if it were to be included at all)
>
> there isn't a good way to tell if your dns server is misconfigured,
> missing, down, out to lunch, not resolving correctly, etc that allowing
> mdns as the fallback is not a good idea.

By default, the standard module only does .local
 (you have to add additional domains to /etc/mdns.allow).
The '-minimal' package has the additional restriction of only using the
link local range (169.254.*) - but that means you have to be using the
full zeroconf bundle, so seems less useful to me.

-- 
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.hellooperator.net/