[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
This is fixed in Ubuntu 20.04 with nss-mdns 0.14 and later which does proper split horizon handling. ** Changed in: avahi (Ubuntu) Status: Triaged => Fix Released ** Changed in: nss-mdns (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/80900 Title: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/80900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
** Summary changed: - How Can I Buy Soma Online? | Order Carisoprodol Online + Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks ** Description changed: Install Kubuntu Feisty Set the ip address to dhcp for eth0 (ethernet port) make sure the host name and domain name are set Hostname computer1 DomainName mydomain.local - https://rxsecureweb.com allow DHCP to assign the IP address Ensure the computer details are registered in DNS for mydomain.local... computer names registered in DNS (FQDN) computer1.mydomain.local computer2.mydomain.local computer3.mydomain.local computer2 and computer3 are both running Kubuntu Dapper and are both using DHCP. if I issue the following comands on computer2 or computer3, it works correctly: ping computer2 (response received - ping good) ping computer3 (response received - ping good) ping computer2.mydomain.local (response received - ping good) ping computer3.mydomain.local (response received - ping good) if i issue the same commands from the feisty box (computer1), these are the results.. ping computer2 (response received - ping good) ping computer3 (response received - ping good) ping computer2.mydomain.local (unknown host) ping computer3.mydomain.local (unknown host) - https://rxsecureweb.com for some reason if you try to ping the fully qualified domain name on feisty, it cant resolve it, yet it can resolve it using both static IP Addressing and DHCP addressing on Dapper. (i set the IP to static as well for the test) Static and DHCP on Dapper works fine. Static and DHCP wont resolve fully qualified domain names on Feisty. (computer1, computer2 and computer 3 are all Kubuntu machines. DNS Server is a Windows 2003 Server (that will be changed a kubuntu server very soon though!) It can resolve the host name only though, and will return the fully qualified domain name in the response. cheers Rod. 
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
I guess I am wrong about the "upstream security hole" thing. But I don't know why you would use mDNS for serious security anyway. mdns_minimal already causes a 4-second fallthrough (if AVAHI is disabled at least).

So Lennart is ranting and screaming only about the [NOTFOUND=return] line? As if he decides what NSS does. His is a plugin. A plugin is a peer to other plugins; not one plugin is more important than the others; the plugin is just that, the configuration is up to the end user (or the bigger system). He acts as if /etc/nsswitch.conf now belongs to his package.

His PulseAudio also configures itself in the same way as authoritative with ALSA. Same idea, repeats itself. "If PulseAudio module is loaded, set it to be the ALSA default device". What? What if some other module wanted to do the same?

So NSS is to Lennart just an annoyance, an archaic system that doesn't make him the most important person in the world and then he starts saying "fuck yous" to get his way. He wanted his package to be orphaned and renamed, as if he holds a trademark to "mdns". As if he holds a trademark to "libnss". Nothing about that is "Lennart". That's the least trade-markable name in the history of trademarkable names.

And then he starts ranting "You don't give a fuck about people and you think it's about you". But everything is always about Lennart. What Lennart wants. What Lennart decides. What Lennart says is best. Quite remarkable that you can think "libnss-mdns" is somehow a trademarkable name.
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
Apple, whose OS X Yosemite (10.10) will not even resolve DNS when internet is down ("private networks don't exist"), simply chose the wrong name for something that is basically only used by machines. Their ".local" is not meant for manual use. They could just as easily have called it ".mdns" or something -- OS X will by default not show it anyway I'm sure. So they have claimed something they were not entitled to and their broken model of network computing is now the foundation of how to do things?

* The local DNS server timeout issue is not really an issue; if you didn't want that you shouldn't have chosen .local for mdns.
* .local leakage is no different from .home leakage and in this case can be prevented
* redirecting local services would require upstream malicious .local to be configured in DNS servers but is directly at odds with the situation in which a _local_ .local DNS server is configured, so can also be solved by only allowing .local to get out if there IS a local .local DNS server
* The only real argument that remains is name resolution; automatic changing of host names in case of conflicts.

RFC 6762 notes that "Implementers MAY choose to look up such names concurrently via other mechanisms (e.g., Unicast DNS) and coalesce the results in some fashion. Implementers choosing to do this should be aware of the potential for user confusion when a given name can produce different results depending on external network conditions (such as, but not limited to, which name lookup mechanism responds faster)."

Lennart likes to scream about people not listening to the designers; but what does he do?

The typical use case of a merged system is when DHCP provides DNS through supplied hostnames, there is no resolution in that sense, at least no standard one. The DHCP set would remain unchanged (and unresolved) while the mDNS set, oblivious to anything happening in unicast DNS, would produce different names where some of them would change, adding new ones to the total set. Those new names would only be resolvable through mDNS. Unless you were talking about a huge network (why would you use multicast in such a system?) the actual prevalence of such conflicts and confusion must be considered low.

I think it can be argued that discovery is a much more important aspect of mDNS than resolution because most hardware devices pick MAC-based names and most operating systems also pick randomized names by default. Anything else reeks of configuration, and if you configure, you are not in zeroconf.

So there aren't really any reasons that are deal-breaking, and those that exist are caused by mDNS' insistence to use for its automated system a human-meaningful name such as .local, which is a design flaw.
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
Re #43: the rest of the world (android, iphone, os x, ...) does fall back to dns when mdns fails though! Maybe that's something to consider. Also most of the points mentioned there are simply not true when DNS is used only as a fallback for .local domain when mDNS fails.
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: nss-mdns (Ubuntu) Status: New => Confirmed
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
Ubuntu 14.04 is still affected. Either the default nsswitch.conf has to be updated to use dns even when mdns fails or nss-mdns has to be patched to return NSS_STATUS_UNAVAIL instead of NSS_STATUS_NOTFOUND even for .local domains. ** Also affects: nss-mdns (Ubuntu) Importance: Undecided Status: New
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
** Changed in: avahi (Debian) Importance: Unknown => Undecided ** Changed in: avahi (Debian) Status: Fix Released => New ** Changed in: avahi (Debian) Remote watch: Debian Bug tracker #393711 => None
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
** Changed in: avahi (Debian) Status: Unknown => Fix Released
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
** Also affects: avahi (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393711 Importance: Unknown Status: Unknown
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
Will Rouesnel wrote:
> Switching it to
> hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4
> fixes it by having DNS get checked first.

Please see Lennart Poettering's comments at avahi.org

http://avahi.org/wiki/AvahiAndUnicastDotLocal

and in Debian bug report #393711

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393711

about putting "dns" before "mdns4" in nsswitch.conf. Quoting:

«[T]he line your package version adds has several disadvantages, among them:

* Slows down all mDNS lookups
* Breaks mDNS lookups when the configured DNS server is not reachable (!)
* Is a security hole, because local host info is leaked on unicast dns server and as such the internet
* Is a security hole, because people on the internet can redirect local services to other hosts
* Increases the burden on internet DNS servers needlessly. (This is a major problem which caused the creation of projects like AS112)
* Breaks mDNS RR consistency because the unicast DNS zone .local is kind-of merged with the multicast DNS zone .local. However, the conflict protocol which makes sure that no two host names or service names conflict in the .local zone simply doesn't work against names from the .local unicast domain.»

where "the line your package version adds" he refers to is

hosts: files mdns_minimal dns mdns

** Bug watch added: Debian Bug tracker #393711 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393711
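How the service order and the `[NOTFOUND=return]` action discussed in this thread decide which sources ever see a `.local` query, as an added example that is not part of the thread or of nss-mdns: a simplified simulation of glibc's `hosts:` chain, covering both the reordering quoted above and the NSS_STATUS_UNAVAIL proposal from the Ubuntu 14.04 comment. The default line, the sample addresses, `printer.local` and the backend model (mdns4_minimal declining non-.local names with UNAVAIL) are assumptions.

```python
import re

# glibc defaults: stop on SUCCESS, try the next service on anything else.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}

DEFAULT_LINE = "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4"    # assumed default
REORDERED_LINE = "hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4"  # quoted in the thread

# Constructed sample data: one unicast DNS record, one mDNS responder.
UNICAST_ZONE = {"computer2.mydomain.local": "192.0.2.12"}
MDNS_RESPONDERS = {"printer.local": "169.254.10.20"}

def parse_hosts_line(line):
    """Turn a 'hosts:' line into [(service, {status: action}), ...]."""
    line = line.split("#", 1)[0].strip()
    if line.startswith("hosts:"):
        line = line[len("hosts:"):]
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", line):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not chain:
            raise ValueError("action item before any service")
        for item in token[1:-1].split():
            status, action = item.upper().split("=", 1)
            negate, status = status.startswith("!"), status.lstrip("!")
            if status not in DEFAULT_ACTIONS or action not in ("RETURN", "CONTINUE"):
                raise ValueError("unsupported action item: " + item)
            for known in DEFAULT_ACTIONS:  # [!X=a] applies to every status but X
                if (known == status) != negate:
                    chain[-1][1][known] = action.lower()
    return chain

def _lookup(table, name, miss):
    addr = table.get(name.rstrip(".").lower())
    return ("SUCCESS", addr) if addr else (miss, None)

def make_mdns_minimal(miss_status="NOTFOUND"):
    """Simplified model: declines non-.local names, miss_status on no answer."""
    def lookup(name):
        if not name.rstrip(".").lower().endswith(".local"):
            return ("UNAVAIL", None)
        return _lookup(MDNS_RESPONDERS, name, miss_status)
    return lookup

BACKENDS = {
    "files": lambda name: ("NOTFOUND", None),            # nothing in /etc/hosts
    "dns": lambda name: _lookup(UNICAST_ZONE, name, "NOTFOUND"),
    "mdns4_minimal": make_mdns_minimal(),
    "mdns4": lambda name: _lookup(MDNS_RESPONDERS, name, "NOTFOUND"),
}

def resolve(hosts_line, name, backends=BACKENDS):
    """Return (status, address, services queried in order)."""
    status, addr, queried = "UNAVAIL", None, []
    for service, actions in parse_hosts_line(hosts_line):
        status, addr = backends.get(service, lambda n: ("UNAVAIL", None))(name)
        queried.append(service)
        if actions[status] == "return":
            break
    return status, addr, queried

if __name__ == "__main__":
    patched = dict(BACKENDS, mdns4_minimal=make_mdns_minimal("UNAVAIL"))
    for label, line, be in (("default", DEFAULT_LINE, BACKENDS),
                            ("dns first", REORDERED_LINE, BACKENDS),
                            ("UNAVAIL patch", DEFAULT_LINE, patched)):
        for name in ("computer2.mydomain.local", "printer.local"):
            print(label, name, resolve(line, name, be))
```

The list of queried services is the part to read: with dns first, `printer.local` is sent to the unicast resolver before mDNS is tried, which is the leak the quoted comment objects to, while the assumed default line never asks DNS for `computer2.mydomain.local` at all.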
[Bug 80900] Re: Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks
** Summary changed: - problems resolving fully qualified domain names in environments where .local is used as a TLD + Avahi daemon prevents resolution of FQDNs ending in ".local" due to false negatives in the detection of ".local" networks