name resolution

Xen list at xenhideout.nl
Sun Nov 26 19:36:13 UTC 2017


Tom H schreef op 26-11-2017 18:24:
> On Sun, Nov 26, 2017 at 8:36 AM, Xen <list at xenhideout.nl> wrote:
>> 
>> You skip everything that is technical and relevant.
>> 
>> Such as this link:
>> 
>> http://avahi.freedesktop.narkive.com/XD3tWzYz/multicast-dns-and-the-unicast-local-domain
>> 
>> Or this fragment by Lennart Poettering:
>> 
>> "Sounds like a good idea. Could you please bring this to the attention
>> of the Debian/Ubuntu folks who ship that .local detection script? (To
>> my knowledge the other distros still don't, though they should)
>> 
>> Lennart"
> 
> I guess that this is the thread with Lennart and "the dns guy."
> 
> You misunderstand it completely.
> 
> Carsten S, unlike you, isn't running a private ".local" domain. He's
> being a good citizen and preventing ".local" queries from leaking out.
> 
> Ubuntu had implemented at the time a detection mechanism whereby if
> ".local" was configured as a unicast domain (which was a suggestion
> that was made by Lennart for all distributions), avahi wouldn't start.

The use cases are different but the mechanism is almost the same.

I did misunderstand that he wanted Avahi to start instead of not start, 
sorry about that.

I also misread the snippet he posted.

The linked Avahi document was gone, I couldn't check it.

> AFAIR, Ubuntu responded by providing an envvar that could be sourced
> from a file in "/etc/default/" to allow avahi to start even if a
> unicast ".local" is detected by its startup script.

I don't yet understand what would have been the reason to disable Avahi, 
unless it was that the additional feature would be considered 
superfluous.

So yes I am embarrassed, so in the past there was actually a use case 
like the one I want, and it was implemented, at least in some way.

Of course I don't really have that much of an issue with Avahi 
_running_.

It doesn't hurt me if it's there.

I never liked seeing it I must say because it filled the logs and I 
didn't know what it was for, and mdns packets flood my firewall 
somewhere because neighbouring VPSes keep sending the stuff.

So yes, I am a bit humbled, sorry.

So his use case was actually the reverse.

He wanted a way to distinguish between a real and a fake local server.

Which would be equally relevant for me in what I want.

Except that if a fake server exists, and dns_local is activated,

There is not much issue because it will hit the fake server, on the 
other hand that fake server might be at an ISP.

So it would then be important to answer the question he asked (which is 
what I recognised, I guess).

I mean the entire thread is ultimately relevant to what I want, isn't 
it.

I would need the ability that he wanted.

To distinguish between empty local and fake local.

But it also means it is quite common for DNS operators to block .local 
traffic from reaching the root servers.

You said earlier that .local traffic will hit the root servers.

Apparently this is not so because it has already been dealt with.

Which I considered the only sensible thing, and guess what, it's true 
:p.

Yeah yeah, I'm sorry.

But that means letting .local leak has already been dealt with in a 
certain way.

It just happens at the ISP.



