name resolution

Xen list at xenhideout.nl
Sun Nov 26 20:23:27 UTC 2017


Tom H wrote on 26-11-2017 17:47:

>> But we have learned by now that it does not follow from the RFC.
> 
> In what way doesn't it follow the RFC?!

Read, Tom.

I said that mDNS for .local ONLY does not follow from the RFC.

> Distributions do what they find is useful. "/run" wasn't officially
> blessed until after it was implemented by all distributions.

Then there is freedom and you don't have to follow Apple's word for it.

>>>>> Lennart re-implemented Bonjour, I've forgotten when, as a gpl-licensed
>>>>> technology for use in Linux and BSD.
>>>> 
>>>> You're still not saying anything relevant.
>>>> 
>>>> We already knew that.
>>> 
>>> Your knowledge of avahi doesn't really shine through your ranting in
>>> this thread.
>> 
>> I don't know much about Avahi, that's true.
>> 
>> But you have also (not one of you) said anything relevant that I didn't
>> already know.
> 
> If you knew what we've been telling you, you wouldn't be protesting
> that you want to use ".local" as a unicast private domain.

"Implementers MAY choose to look up such names concurrently via other
mechanisms (e.g., Unicast DNS) and coalesce the results in some
fashion."

What don't you understand, and what have you been telling me Tom?


>> In fact it is clear there is also a third option, namely letting local DNS
>> precede local mDNS.
> 
> You've misunderstood what I said because I didn't write this:
> 
> If you have "hosts: files dns mdns", if you're not running a local
> unicast dns server that's authoritative for ".local" with your
> nsswitch.conf setup, ".local" queries will be done against the root
> servers.

I don't get why DNS servers don't block it like that guy did.

> You can see the number of per-second queries for invalid TLDs on
> 
> http://stats.dns.icann.org/hedgehog/

More illustrative is "Top TLDs" because you see it relative to .com, 
.net and so on.

There are more queries for all of the local domains combined than for 
the .com domain, almost.

Yet: .home is more popular than .local.

So if you really wanted to make a dent here, you would have to also 
block .home, .dhcp, and so on.

That means the "ideal solution" is to block everything people want to 
use.

It is pretty clear that that ideal solution is not a sensible one.

Unless of course you instruct either:

- routers
- upstream ISPs

to block it.

Then you have a sensible solution.

> It's ridiculous that there are so many misconfigured "private"
> domains. As I said in a previous email, these queries should go to
> the blackhole servers. But we shouldn't green-light the
> misconfiguration of lans simply because there's garbage collection on
> the net.

> What are you referring to? Who's the "dns guy?!" I don't see how you
> can return an empty domain for a ".local" domain if you're using it as
> your lan domain name.

You already responded to this.

No, dnsmasq does not "return an empty domain" but its SOA records aren't 
exactly populated either (the serial is always 1, unless, I guess, 
configured otherwise).

I mean that... well whatever.

> That's what the blackhole dns servers do.

> The RFC 1918 addresses are blackholed and others can be blackholed too.
> 
> But this should be done because someone misconfigured a private
> network by mistake rather than doing so purposefully.

So that's why you would consider my solution bad because it queries the 
.local SOA every 10 minutes.

Of course you could cache that for a long time but it's already being 
done, I mean there are a lot of SOA queries among those .local.

I mean you can make this principled statement but

a) ... your mdns resolver won't stop the other ones
b) ... if you did want to do that, and if you combined that with some SOA check,
c) ... AND there was some blackholing going on

THEN

You could probably actually reduce the amount of traffic while not 
disabling those local networks.

So from a practical standpoint.

The solution I proposed that you consider misconfigured could actually 
help reduce the traffic if you would cache SOA requests for a long time.

Locally.
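The ordering point Tom raises above (with "hosts: files dns mdns" and no local server authoritative for ".local", the ".local" queries travel on to the root servers) comes down to how glibc walks the sources on a `hosts:` line. The script below is an added example, not code from this list or from any of the projects discussed; it assumes standard glibc nsswitch.conf syntax (sources tried left to right, `[NOTFOUND=return]` stopping the walk, the default action being to continue), and the `SAMPLES` lines are constructed for the demonstration. It does not model the systemd `resolve` module, whose handling of ".local" depends on its own multicast setting.

```python
"""Check an nsswitch.conf 'hosts:' line for the '.local' leak described in the
thread: if the unicast 'dns' source is consulted before an mDNS source that
ends the lookup, '.local' names go to the upstream resolver and, with no local
zone for '.local', on to the root servers.

Added example; not code from the list. Sample lines below are constructed.
"""
import re

# Constructed sample 'hosts:' lines (assumption: typical glibc nsswitch syntax).
SAMPLES = {
    "mdns_stops_first": "hosts: files mdns4_minimal [NOTFOUND=return] dns",
    "dns_first":        "hosts: files dns mdns",
    "no_mdns":          "hosts: files dns",
    "mdns_no_stop":     "hosts: files mdns4_minimal dns",
}

# A token is either a bracketed action list "[STATUS=action ...]" or a source name.
_TOKEN = re.compile(r"\[[^\]]*\]|\S+")


def parse_hosts_line(line):
    """Return [(source, {STATUS: action}), ...] in lookup order.

    Bracketed actions attach to the source that precedes them; a negated status
    such as '!NOTFOUND' is kept verbatim so it never matches a plain 'NOTFOUND'.
    """
    body = line.split(":", 1)[1] if ":" in line else line
    entries = []
    for tok in _TOKEN.findall(body):
        if tok.startswith("["):
            if entries:  # an action list with no preceding source is ignored
                for pair in tok.strip("[]").split():
                    status, _, action = pair.partition("=")
                    entries[-1][1][status.upper()] = action.lower()
        else:
            entries.append((tok.lower(), {}))
    return entries


def local_leaks_to_dns(line, local_zone_authoritative=False):
    """True if a lookup of 'host.local' can be forwarded to unicast DNS.

    glibc's default action is to continue to the next source on NOTFOUND, so
    an mDNS source only shields 'dns' when it carries '[NOTFOUND=return]'.
    If the unicast resolver is authoritative for '.local' (dnsmasq-style),
    reaching 'dns' is not a leak to the root servers.
    """
    for source, actions in parse_hosts_line(line):
        if source == "dns":
            return not local_zone_authoritative
        if source.startswith("mdns") and actions.get("NOTFOUND") == "return":
            return False
    return False  # no unicast DNS source in the line at all


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        verdict = "LEAKS" if local_leaks_to_dns(line) else "ok"
        print(f"{name:18s} {verdict:5s} {line}")
```

Run against a real machine by passing the `hosts:` line from `/etc/nsswitch.conf`; the `local_zone_authoritative` flag is how the "third option" from earlier in the thread (a local DNS server answering ".local" itself) enters the verdict, since in that case reaching `dns` keeps the query on the LAN rather than sending it upstream.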