Date: Thu, 1 Sep 2022 16:03:18 +0000
From: Luca BRUNO <lucab@...abruno.net>
To: musl@...ts.openwall.com
Subject: Re: musl resolver handling of "search ." in /etc/resolv.conf

On Thu, 1 Sep 2022 08:45:12 -0400
Rich Felker <dalias@...c.org> wrote: 

> "search ." by itself is semantically a no-op. It specifies a single
> search domain that's the DNS root, which is exactly what gets queried
> with no search at all. systemd is writing this into resolv.conf
> because of a glibc "misbehavior" (to put it lightly) where, in the
> absence of any search directive, it defaults to searching the domain
> of the system hostname (so hostname=foo.example.com would implicitly
> search example.com, which is obviously wrong to do, and systemd is
> trying to suppress that). But it would also cause failing lookups to
> be performed in duplicate, unless there's logic to suppress the final
> non-search lookup when root was already searched explicitly.

While tracking down this musl bug, I empirically observed from
network traces that glibc does apply such de-duplication logic under the
same configuration.
That is, it performs the root-anchored query in the specified order, and
in case of a negative response it does *not* perform the query again as
it would otherwise do for the final fallback case.

> > > There are 3 options I see:
> > >
> > > - Actually support it as a search. This is *bad* behavior, but at
> > >   least unlike the version of this behavior musl explicitly does
> > >   not implement, it was explicitly requested by the user. Except
> > >   that it wasn't, because systemd is just putting it in everyone's
> > >   resolv.conf..
> > >
> > > - Skip it completely. Never search root; wait for the end of the
> > >   search list and query root as always.
> > >
> > > - End search on encountering it and go directly to the post-search
> > >   query at root.
> > >
> > > Anyone care strongly about this one way or another?  

From my observations, option 1 is consistent with other libc's behavior.
But it has the above caveat that it needs additional caching to
avoid duplicate root-queries on negative responses.
If it isn't too invasive to implement, that would be my preferred one.

Option 2 looks somehow reasonable too. The skewed order would be
a bit surprising, but it can be documented and it's unlikely to affect
many real-world usages.

Ciao, Luca
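
The three options discussed in this thread, modeled as an added example that is not part of the original message and is not musl or glibc code: it lists the names that would be queried, in order, under each option, with and without the duplicate-root suppression described above. The names `build_queries` and `root_policy` are hypothetical; it assumes the looked-up name qualifies for search and that search domains are written without a trailing dot.

```c
#include <stdio.h>
#include <string.h>

/* The three options from the thread for a "." entry in the search list. */
enum root_policy { SEARCH_ROOT = 1, SKIP_ROOT = 2, END_AT_ROOT = 3 };

#define MAXQ 8
#define MAXNAME 256

/* Fill out[] with the fully qualified names that would be queried, in order,
 * for a short name that qualifies for search. Returns the number of queries.
 * dedup != 0 suppresses the final root query if root was already searched. */
int build_queries(const char *name, const char *const *search, int nsearch,
                  enum root_policy policy, int dedup, char out[][MAXNAME])
{
    int n = 0, root_done = 0;

    for (int i = 0; i < nsearch && n < MAXQ - 1; i++) {
        if (strcmp(search[i], ".") == 0) {
            if (policy == END_AT_ROOT) break;         /* option 3 */
            if (policy == SKIP_ROOT) continue;        /* option 2 */
            snprintf(out[n++], MAXNAME, "%s.", name); /* option 1 */
            root_done = 1;
            continue;
        }
        snprintf(out[n++], MAXNAME, "%s.%s.", name, search[i]);
    }
    /* Post-search query at the root, as always. */
    if (!(dedup && root_done))
        snprintf(out[n++], MAXNAME, "%s.", name);
    return n;
}

int main(void)
{
    /* Constructed sample: "search . example.com" and the short name "host". */
    const char *const search[] = { ".", "example.com" };
    char q[MAXQ][MAXNAME];
    for (int p = SEARCH_ROOT; p <= END_AT_ROOT; p++) {
        int n = build_queries("host", search, 2, (enum root_policy)p, 1, q);
        printf("option %d:", p);
        for (int i = 0; i < n; i++) printf(" %s", q[i]);
        printf("\n");
    }
    return 0;
}
```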
