tech-net archive


Re: DNS Expectations (was rtsol)



Roy Marples wrote:
>On 21/10/2014 15:09, Robert Swindells wrote:
>>>>> The resolv.conf part is tricky - because dhcpcd supports DNSSL and RDNSS
>>>>> options that need to expire it needs to be able to manage resolv.conf
>>>>> somehow. The solution is to either disable dhcpcd from writing to it at
>>>>> all (--nohook resolv.conf), set up your static config using
>>>>> resolvconf.conf or make the file immutable. Is this something we should
>>>>> document in resolv.conf(5)?
>>>>
>>>> I would expect the default behaviour to be to not overwrite
>>>> resolv.conf on an error.
>>>
>>> This behaves like DHCP, DHCPv6 or a vpn link - expect resolv.conf to be
>>> modified. The entry for the interface is cleared on start, just like the
>>> addresses are cleared on a reboot. Hence the above comment I made.
>> 
>> It still fails POLA for me.
>
>Every protocol that supplies an IP address also supplies DNS servers.
>DHCP, DHCPv6, IPv6RS/RA, PPP (+ pppoe), various VPNs.
>I would argue that any of these not supplying DNS fails POLA.
>
>In all cases, when any of these is used there exists the possibility
>that any one of them could impose their idea of DNS on resolv.conf.
>Because of this, we have resolvconf(8) which every daemon that learns DNS
>dynamically should write to rather than directly to resolv.conf.
>
>For the case where a lack of dynamically learned information does not
>exist, or it expires, dhcpcd will remove what it previously learned.
>In the case of DNS, it will call resolvconf -d $interface:$protocol

But dhcpcd has not learned the information that is being deleted.

I am suggesting that in the case where nothing is returned then no
change should be made to resolv.conf.

Robert Swindells
