resolved: synthesize option #22599
resolved: synthesize option #22599
Conversation
|
uh, this seems overly broad. What is the usecase here? we synthesize a variety of RRs, and I doubt most of those are anything anyone would ever want to disable. So what's the rationale here? please eboarate. |
poettering
added
needs-reporter-feedback ❓
|
There is at least this case: https://lists.freedesktop.org/archives/systemd-devel/2021-September/046856.html |
|
There's now an env var too: SYSTEMD_NSS_RESOLVE_SYNTHESIZE, see nss-resolve man page. Wouldn't that suffice? See 8ef114c |
|
So I'd be with a change like this to disable synthesis in resolved server-side, but I think it should be more focussed: only on the local hostname itself (leave the synthesis of localhost and such in place). And it should be controlled via env var rather than get a first class config setting. (i.e. this is a political thing: it should have a hackish feeling to turn on this option) i.e. if people add Environment=SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME=0 to systemd-resolved.service we would turn off the logic. Would need a simple patch to src/resolve/resolved-synthesize.c |
|
ping? |
jacekmigacz
force-pushed
the
resolved-synthesize-option
branch
from
c11427a
to
cedc71f
Compare
| @@ -444,6 +445,11 @@ int dns_synthesize_answer( | |||
| } else if (dns_name_address(name, &af, &address) > 0) { | |||
| int v, w; | |||
|
|
|||
| if (getenv_bool("SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME") == 0) { | |||
| nxdomain = true; | |||
There was a problem hiding this comment.
hm, nxdomain seems a bit drastic? i.e. if you return nxdomain then this ends the lookup logic. But it appears to me, if the env var is set we simply shouldn't respond at a ll, i.e. just do continue here...
also, shouldn't the manager_is_own_hostname() branch above get the same treatment? to disable both directions of local hostname resolution? from address to name and from name to address?
There was a problem hiding this comment.
For the nxdomain, you are right. That is too drastic. I will just continue iteration as suggested.
I guess both directions makes sense. I will do it for normal and reverse lookups (and change ENVIRONMENT.md).
jacekmigacz
force-pushed
the
resolved-synthesize-option
branch
2 times, most recently
from
1064f8f
to
69146fa
Compare
docs/ENVIRONMENT.md
Outdated
| `systemd-resolved`: | ||
|
|
||
| * `$SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME=1` — if set, `systemd-resolved` will | ||
| synthesize system hostname on both regular and reverse lookups. |
There was a problem hiding this comment.
the text is wrong. It will synthesize this by default. But if you set the variable to zero then it won't.
There was a problem hiding this comment.
I think I wrongly deducted previous ENVs. Fixed now.
jacekmigacz
force-pushed
the
resolved-synthesize-option
branch
from
69146fa
to
8eb17f2
Compare
poettering
added
good-to-merge/waiting-for-ci 👍
Provides a configuration switch for RR synthesis in resolved.