resolved: does not apply search domain logic to multi-label names #16797
Comments
As documented, systemd never applies search domain logic to domains containing dots (aka "multi-label domains"), simply because it's insecure (as this means even lookups for google.com or github.com might be subject to search domain logic).
Duplicate of #4821
What is wrong with that behavior? It is logical that when the resolver does not find the typed domain, it tries to find it by substituting domains from the search list. This situation can arise only if normal resolution is not accessible.
If you look up "foo.bar" and expect it to be resolved locally, via some search path, and then someone buys the "foo.bar" top-level domain, he gains access to your traffic: you think you talk to a local service but actually you are talking to some remote thing on the internet. Hence it's not generally safe to suffix stuff that already looks like an FQDN (i.e. has at least one dot, i.e. two labels) with search domains, and the opposite is not safe either.
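The ambiguity described in the comment above, as an added example that is not part of the original thread or of systemd's code: it compares a resolv.conf-style search list (ndots rule) with the single-label-only rule stated in this issue, and flags names that could be answered either inside or outside the search domain. The search domain `corp.example`, the sample names and the function names are constructed for illustration, and the second function models only the rule stated here, not the rest of the resolver's behaviour.

```python
# Added illustration: two candidate-generation policies for a stub resolver.
# The search domain and all names below are constructed sample values.

def classic_candidates(name, search, ndots=1):
    """resolv.conf-style search list: names with >= ndots dots are tried
    as-is first, then with each search domain; other names the reverse."""
    if name.endswith("."):              # trailing dot: absolute, never searched
        return [name]
    suffixed = [f"{name}.{d}." for d in search]
    as_is = [name + "."]
    return as_is + suffixed if name.count(".") >= ndots else suffixed + as_is


def single_label_only_candidates(name, search):
    """Rule described in this thread: search domains are applied only to
    single-label names; anything containing a dot is looked up as-is."""
    if name.endswith(".") or "." in name:
        return [name.rstrip(".") + "."]
    return [f"{name}.{d}." for d in search]


def ambiguous(candidates, search):
    """True when one typed name may resolve either inside or outside the
    search domains, so whichever zone answers decides where traffic goes."""
    inside = [c for c in candidates if any(c.endswith(f".{d}.") for d in search)]
    return bool(inside) and len(inside) != len(candidates)


SEARCH = ["corp.example"]               # constructed search domain

if __name__ == "__main__":
    for name in ("foo.bar", "github.com", "printer"):
        for label, cands in (
            ("classic", classic_candidates(name, SEARCH)),
            ("single-label-only", single_label_only_candidates(name, SEARCH)),
        ):
            print(f"{name:11} {label:18} {cands} ambiguous={ambiguous(cands, SEARCH)}")
```

With the classic rule every multi-label name yields both a public and a search-domain candidate, whichever order `ndots` selects; with the single-label-only rule each typed name maps to candidates in exactly one namespace.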
If I look up "foo.bar" and do it from the local network, I must understand that my current location is in the local net, which is managed by some network administrator who has responsibility for it, and, if I do not understand this, I must watch for the correlation between the managed network and the global one. The resolver must do its work, no more, no less, and must not take over the responsibility which belongs to network administrators. The principles which you wish to implement do not match an industrial approach.
systemd version the issue has been seen with
Used distribution
Expected behaviour you didn't see
Current NSS configuration
hosts: resolve [!UNAVAIL=return] myhostname files mdns4_minimal [NOTFOUND=return] dns
Resolved status
Unexpected behaviour you saw
Steps to reproduce the problem