On Tue, Dec 24, 2013 at 1:03 PM, Peter J. Philipp <p...@centroid.eu> wrote:
> On Tue, Dec 24, 2013 at 10:25:06AM -0500, Kenneth R Westerback wrote:
>> On Mon, Dec 23, 2013 at 02:37:47PM +0100, Peter J. Philipp wrote:
>> > I'm trying to track down the code in the libasr that causes this behaviour:
>> >
>> > Whenever I go to an IPv4 site an IPv6 query is made for domain+mydomain
>> > like a search.  So with logging turned on, on my nameserver I get this:
>> >
>> > pjp@americas$ grep canoe.ca.centroid.eu /var/log/all
>> > Dec 20 17:00:37 americas wildcarddnsd[29850]: request on descriptor 17
>> > interface "em0" from 212.114.242.132 (ttl=54, region=255) for
>> > "chealth.canoe.ca.centroid.eu." type=AAAA(28) class=1, answering "NXDOMAIN"
>> >
>> > The problem is that my nameservers are in china and latin america and
>> > I'm sorta worried about these leaks.  This particular log came from my
>> > nameserver in panama and the packet passes miami.
>>
>> I'm not clear on what the leak you are worried about is.
>>
>> .... Ken
>
> Hi Ken, Merry Christmas!
>
> I was browsing http://chealth.canoe.ca when I saw the above log.  I'm
> supposing the resolver looks up chealth.canoe.ca, and then eventually does
> a lookup for
> chealth.canoe.ca.centroid.eu.  centroid.eu is the domain I configured in
> resolv.conf by means of DHCP.

a FQDN ends with a period

this tells a correctly functioning dns subsystem--"correctly" being
subject to your willingness to abide a collection of rfcs, all the way
from local binaries to remote hosts[0]--that you wish to resolve that
name sans transformations

the ``search'' keyword in resolv.conf is a suffix that may be appended
to unqualified domain names prior to resolving them to ip addresses

1. check if you are really configuring the appropriate settings. some
programs, eg dig, willfully ignore the search keyword by default. some
browsers use their own resolvers

2. clear the ``search`` keyword:

# echo 'search .' >> /etc/resolv.conf.tail
# dhclient $INTERFACE

>
> I'm wondering why it does that though?  Someone in the US, like the NSA, can
> then sit back and see my browsing habits, which I call a leak.  I'm hoping on
> finding the knob that turns this off.  The leak wouldn't happen if my
> centroid.eu nameservers were just in .de but then you can just replace NSA
> with BND the german intelligence sniffers (s/NSA/BND).
>
> I'd really just rather replace the function that allows
> chealth.canoe.ca.centroid.eu lookup to exit my DSL as all that should exit is
> a lookup for just chealth.canoe.ca, which takes a different lookup path in the
> Internet.
>
> Regards,
>
> -peter
>
>> >
>> > My resolv.conf file looks like this on the workstation here in germany:
>> >
>> > jupiter$  more /etc/resolv.conf
>> > # Generated by re0 dhclient
>> > search centroid.eu
>> > nameserver 192.168.34.1
>> > domain centroid.eu
>> > lookup file bind
>> > family inet6 inet4
>> >
>> >
>> > The leak only happens with AAAA queries, like said.  Any hints on
>> > tracking this down and squelching it?
>> >
>> > Regards,
>> >
>> > -peter
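
The search-suffix behaviour discussed in this thread, as an added example that is not part of the original messages and is not libasr code: a model of the conventional resolv.conf search-list expansion, showing which names a stub resolver may send for the hostname in the log. The function names and the default of ndots=1 are assumptions of the model; the resolv.conf text is the one quoted in the thread.

```python
# Model of conventional resolv.conf search-list expansion (an assumption;
# this is not libasr source). RESOLV_CONF is the file quoted in the thread.
RESOLV_CONF = """\
# Generated by re0 dhclient
search centroid.eu
nameserver 192.168.34.1
domain centroid.eu
lookup file bind
family inet6 inet4
"""

def parse_search(conf_text):
    """Return (search_suffixes, ndots); the last search/domain line wins."""
    suffixes, ndots = [], 1
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] in ("search", "domain"):
            suffixes = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return suffixes, ndots

def candidates(name, suffixes, ndots=1):
    """Ordered absolute names a stub resolver may query for `name`."""
    if name.endswith("."):          # trailing dot: FQDN, no transformation
        return [name]
    as_is = name + "."
    expanded = []
    for s in suffixes:
        s = s.strip(".")            # 'search .' is the empty (root) suffix here
        expanded.append(name + "." + s + "." if s else as_is)
    order = [as_is] + expanded if name.count(".") >= ndots else expanded + [as_is]
    return list(dict.fromkeys(order))   # drop duplicates, keep order

def leaked(name, suffixes, ndots=1):
    """Candidates that carry the browsed name into a search domain's zone."""
    bare = name.rstrip(".") + "."
    return [c for c in candidates(name, suffixes, ndots) if c != bare]

if __name__ == "__main__":
    sfx, nd = parse_search(RESOLV_CONF)
    for n in ("chealth.canoe.ca", "chealth.canoe.ca."):
        print(n, "->", candidates(n, sfx, nd), "leaks:", leaked(n, sfx, nd))
```

Candidates are listed in the order they would be tried; a later one is only sent when the earlier ones do not produce an answer.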
