Package: rdnssd
Version: 1.0.3-2
Severity: important
Tags: ipv6, fixed-upstream

This issue relates heavily to #767071, where previous versions of the
rdnssd Debian package would completely overwrite /etc/resolv.conf, with
all the bad consequences and unexpected, counter-intuitive breakage
cases it implied. Since 1.0.3-2, the package uses an upstream script
to cooperatively merge its configuration into /etc/resolv.conf.
Unfortunately the version of the script in the Debian package is buggy
and plagued by the same kind of issues.

rdnssd can contribute to /etc/resolv.conf:

 - IPv6 nameserver lines (most basic function)
 - search lines (DNSSL option)

The current version of the merge hook fails to properly handle search
lines. Thus on networks where DNSSL is configured in IPv6 router
advertisements, it can lead to:

 - failure to merge IPv6 nameservers into /etc/resolv.conf
 - littering /etc/resolv.conf with multiple stray search lines (only the
   last search line in /etc/resolv.conf is taken into account by the
   resolver)
 - existing search lines (from DHCPv4) being ignored

The current issue still has a potential, similar to (although lesser
than) the /etc/resolv.conf overwriting in #767071, to cause unexpected,
counter-intuitive and hard-to-diagnose system-wide breakage in DNS
resolution, because of DHCPv4 configuration being superseded and
ignored.

Please consider cherry-picking this upstream patch fixing the issue for
good:

http://git.remlab.net/gitweb/?p=ndisc6.git;a=commitdiff;h=d60853a5319bac0c3ec9a082bcaf850a5ab8d1d5

The cooperative merge hook mechanism has only been used in Debian
testing for 2 weeks now. It would make little sense to refrain at
this stage from merging changes to it, to try to prevent introducing
regressions into the archive, because it's already such a very new
system-wide change to Debian, with so little hindsight and testing on
new installs. There's no point in pacing and sticking with a half-fix.

Quite the contrary, we've had the broken /etc/resolv.conf overwriting
situation for years, and suffered the experience of breakage of freshly
installed systems, user frustration and embarrassment for Debian and
upstream. I cannot stress enough how delaying any further a proper fix
is only going to set up the next Debian release for more of the same;
and I think nobody wants that.

Please strongly consider uploading a new, fixed package version.

Best regards.


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages rdnssd depends on:
ii  adduser              3.115
ii  init-system-helpers  1.47
ii  libc6                2.24-9
ii  lsb-base             9.20161125

Versions of packages rdnssd recommends:
pn  resolvconf  <none>

Versions of packages rdnssd suggests:
ii  ndisc6  1.0.3-2

-- Configuration Files:
/etc/rdnssd/merge-hook changed [not included]

-- no debconf information
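
A way to check a host for the symptoms listed in the report, comparing the file rdnssd writes with the merged /etc/resolv.conf. This is an added example, not part of the original report or of the upstream merge hook; `audit_merge`, `demo` and the sample addresses and domains are constructed for illustration, and both file paths are passed as arguments.

```shell
#!/bin/sh
# usage: audit_merge RDNSSD_FILE MERGED_FILE
# Prints one finding per line; exit status 1 if anything is MISSING or SHADOWED.
audit_merge() {
    awk '
        FILENAME == ARGV[1] {            # nameservers learned by rdnssd
            if ($1 == "nameserver") want[$2] = 1
            next
        }
        $1 == "nameserver" { have[$2] = 1 }
        $1 == "search" {                 # keep every search line except the last
            if (n++) shadowed[n - 1] = prev
            prev = $0
        }
        END {
            # A nameserver rdnssd learned but the merged file lacks: failed merge.
            for (ns in want)
                if (!(ns in have)) { print "MISSING nameserver " ns; bad = 1 }
            # Only the last search line is used; earlier ones are ignored.
            for (i = 1; i < n; i++) { print "SHADOWED " shadowed[i]; bad = 1 }
            if (n) print "EFFECTIVE " prev
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample: a DHCPv4 search line and nameserver, followed by a
# stray DNSSL search line and no IPv6 nameserver in the merged file.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'nameserver 2001:db8::53' 'search v6.example.net' > "$d/rdnssd"
    printf '%s\n' 'search lan.example.org' 'nameserver 192.0.2.1' \
        'search v6.example.net' > "$d/merged"
    rc=0
    audit_merge "$d/rdnssd" "$d/merged" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true   # findings are expected for the constructed sample
```

A SHADOWED line that came from DHCPv4 is the "existing search lines being ignored" case from the list above.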
