New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
client (unix, lwt): in "create" parse /etc/resolv.conf and use first IPv4 address of a nameserver #241
Conversation
…IPv4 address of a nameserver this changes the default behaviour by using the system-configured nameserver(s). there are some issues with this strategy: - the system-configured nameserver may be UDP only, in which case the client will fail - the first nameserver may be unreachable
to fix "all the issues" [tm], we need to adjust the code further (to also accomodate upcoming IPv6 support)
once we have these, a DNS lookup should be roughly of the form:
does this sound reasonable @cfcs? the reasoning is that on |
@hannesm I think that sounds reasonable, yes. :) Some inputs:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another input: What do we do about domains, e.g. if the resolv.conf
contains search example.com
and we want to lookup test
that would turn into a request for test.example.com
(perhaps also a lookup for test
when it's not a fqdn, not sure)?
@cfcs thanks for your input. The resolvconf parser can be enhanced (I found the rust parser https://github.com/tailhook/resolv-conf/tree/master/src a very good resource of what options are available on different operating systems). Now, the question arises "what should the behaviour be?" if you're keen on the exact same semantics as (g)libc, I guess we're better off just using Considering that OCaml's DNS client will diverge from
Now, as you mention, An interesting project is unwind https://man.openbsd.org/unwind from where we should take some ideas - it is a validating resolver, where Florian put in quite some work in testing in different scenarios. To iteratively move forward, my suggestion is (where the checkboxes are intended for the next release,
|
@hannesm Sounds good to me with a nameserver list in
|
I copied the list above into a separate issue, together with "remember hash of resolv.conf and re-parse when resolution fails (and hash was modified)" -- this would be convenient for laptops roaming between networks. I'll merge this PR as is. |
…ns-client, dns-server, dns-tsig and dns-cli (4.6.3) CHANGES: * dns-server: wildcard support (mirage/ocaml-dns#248 @hannesm) * dns-certify: only dnskey needs to be a valid hostname (mirage/ocaml-dns#247 @hannesm), allow [`raw] Domain_name.t in signing requests (mirage/ocaml-dns#249 @hannesm) * dns-client.resolvconf provides a parser for /etc/resolv.conf (mirage/ocaml-dns#240 @hannesm), used in dns-client.unix and dns-client.lwt (mirage/ocaml-dns#241 @hannesm) * BUGFIX dns-cli notify keys are accepted in namekey_c (mirage/ocaml-dns#242 @hannesm) * BUGFIX dns: revise TXT resource record encoding and storage (for DKIM usage) previously RR were cut at 255 characters (fixes mirage/ocaml-dns#244, mirage/ocaml-dns#245 @hannesm) * BUGFIX dns: decoding of TSIG packets (mirage/ocaml-dns#250 @hannesm) * BUGFIX ocertify: pem file may contain a certificate chain (mirage/ocaml-dns#246 @hannesm)
this changes the default behaviour by using the system-configured nameserver(s).
there are some issues with this strategy: