Re: Is there any point to full host names in /etc/hosts ?
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Sun, 04 Nov 2007 15:00:08 -0600
On Sat, 03 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <m3bqabqmh6.fsf@xxxxxxxxxxxxx>, Ashish Shukla
आशीष शुक्ल wrote:
Stefan Monnier writes:
| Better yet: the name they get is determined by the machine's name
| (passed to the DHCP server), so I don't even have a centralized database
| that maps names to IP either: it's all set up dynamically (although you
| do have to ask GNU/Linux's dhcp client to pass this name explicitly
| because it doesn't do it by default contrary to Mac OS X's).
Of course, even the id10ts at Apple and Microsoft admit this is a rather
massive security hole.
Why not use Avahi[1] (which provides mDNS[2]) and libnss-mdns[3] (nss
plugin for name resolving using mDNS)?
[1]. http://www.avahi.org/
[2]. http://en.wikipedia.org/wiki/Zeroconf
[3]. http://0pointer.de/lennart/projects/nss-mdns/
Avahi uses port 5353 to 224.0.0.251 or its IPv6 equivalent FF02::FB,
while the microsoft version uses 5355 to 224.0.0.252 or its IPv6
equivalent FF02::1:3. See
4795 Link-local Multicast Name Resolution (LLMNR). B. Aboba, D.
Thaler, L. Esibov. January 2007. (Format: TXT=71969 bytes)
(Status: INFORMATIONAL)
versus
draft-cheshire-dnsext-multicastdns-06.txt (which seems to have
quietly been allowed to expire without replacement, though copies are
still available on the Internet) which was the Apple working paper
version of the draft to provide mDNS.
The RFC for "Link-Local" (also known as ZeroConf) is RFC3927:
3927 Dynamic Configuration of IPv4 Link-Local Addresses. S. Cheshire,
B. Aboba, E. Guttman. May 2005. (Format: TXT=83102 bytes) (Status:
PROPOSED STANDARD)
and specified the unpublished draft for what became RFC4795, and
specifically requires that any queries for an address-to-hostname
query in the '254.169.in-addr.arpa.' domain result in an RCODE=3
(NXDOMAIN) response.
Without the optional DNSSEC, both proposals (the microsoft version
went through at least draft-ietf-dnsext-mdns-47.txt - the 47th
revision - before being adopted as RFC4795) should be restricted to
networks where it is unlikely to find bad guys. The microsoft
version suggests that it be limited to hostnames _without_ a 'dot'
(".") which they call 'single-label' names, but actually makes no tests
to see (and ignores) if any are included in the query. The Apple
version was slightly safer, being restricted to names ending in
".local", but warned against having 'search' or 'domain' lines in
/etc/resolv.conf, and also mentioned that some name resolvers fail
to include a trailing dot in the FQDN hostname queries (Linux does
include the dot - making the query 'absolute' rather than relative).
Old guy
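
The scope rules described in the post above, written as a monitoring check that a defender could run over captured multicast name queries. This is an added example, not code from the post or from either protocol's implementers; the function names, verdict strings and sample hostnames are hypothetical or constructed.

```python
import struct
from ipaddress import ip_address

# Group addresses and UDP ports as given in the post.
MDNS = ({ip_address("224.0.0.251"), ip_address("ff02::fb")}, 5353)
LLMNR = ({ip_address("224.0.0.252"), ip_address("ff02::1:3")}, 5355)

def build_query(name):
    """Constructed sample input: a one-question, DNS-format A query."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".") if l) + b"\x00"
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def question_labels(packet):
    """Labels of the first question; rejects pointers and truncated names."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        n = packet[pos]
        if n == 0:
            return labels
        if n > 63 or pos + 1 + n > len(packet):
            raise ValueError("bad label length")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n

def check_scope(dst_ip, dst_port, packet):
    """Hypothetical verdict strings for one observed multicast query."""
    labels, dst = question_labels(packet), ip_address(dst_ip)
    if labels[-4:] == ["254", "169", "in-addr", "arpa"]:
        return "link-local-reverse"      # the post: must end in NXDOMAIN
    if dst in LLMNR[0] and dst_port == LLMNR[1]:
        return "llmnr-ok" if len(labels) == 1 else "llmnr-dotted-name"
    if dst in MDNS[0] and dst_port == MDNS[1]:
        return "mdns-ok" if labels[-1:] == ["local"] else "mdns-not-local"
    return "not-multicast-naming"

if __name__ == "__main__":
    for ip, port, name in [("224.0.0.252", 5355, "fileserver"),
                           ("FF02::1:3", 5355, "intranet.example.com"),
                           ("224.0.0.251", 5353, "printer.local."),
                           ("224.0.0.251", 5353, "1.0.254.169.in-addr.arpa")]:
        print(name, "->", check_scope(ip, port, build_query(name)))
```
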