Tue Nov 13 04:50:00 GMT 2018
On Mon, Nov 12, 2018 at 10:43 AM Florian Weimer <email@example.com> wrote:
> If you can edit /etc/gai.conf, you can install Unbound or dnsmasq, too.
Installing and configuring a DNS server is quite a bit more involved
than editing gai.conf.
> Do you have another example that does not involve sorting merely by
> protocol? Something that you have encountered personally?
My personal example is slightly more complex, but is still related to
sorting by protocol. I have dual-stack at home, and my IPv6 router
advertisements also include a ULA prefix. So every machine on my
network has at least a 192.168.8.x IPv4 address and an IPv6 address
with my ULA prefix. My DNS is set up to return both (in no particular
order). I was just noticing what it shows for "Last login" when
ssh-ing into my server and also what it shows by default when I ping a
machine. Interestingly, the results differ when pinging from Linux vs
Windows. From Linux it chooses the IPv6 ULA address, but from Windows
it chooses the IPv4 private address for the destination host.
I tracked down the reason for the difference to the prefix policy
table. Linux adheres to the older RFC 3484, whereas Windows uses RFC
6724. I was surprised to see Windows ahead of Linux in adhering to
IPv6 standards. But the strangest part about all this is that the
older standard actually gives more appropriate results in this case,
since IPv6 ought to be preferred over IPv4 when choosing between
equally valid and useful addresses.
That's why in conjunction with my suggestion to update to the RFC 6724
policy, I also brought up the idea of adding the rules for private
IPv4 prefixes so that IPv6 ULA will be preferred over them. To be
honest, unless those rules are included I would prefer glibc be left
alone, because in my opinion the slight improvements are not worth it
unless that drawback is addressed.
> To be honest, I don't see any other way to get full RFC 6724 support
> because the RFC requires various things for which I do not see direct
> kernel support.
I'm not sure what exactly you are referring to in RFC 6724 that the
kernel doesn't support, but I was just focused on updating the
precedence rules. I'm assuming those could be updated to include nine
rules from RFC 6724 rather than five rules from RFC 3484.
> If we disable or limit sorting in glibc, at least you will be able to
> get RFC 6724 support with a suitable NSS service module or caching DNS
I'm in favor of adding the ability to disable sorting, as long as it
is just an option and it's not that way by default. I can't imagine
how many things might break if this were disabled.
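
The precedence difference discussed in this message, as an added example that is not part of the original post or of glibc: it performs the longest-prefix lookup against the default policy tables of RFC 3484 and RFC 6724 and orders two destinations by the precedence rule only, ignoring the other sorting rules. The ULA address, the host part of the IPv4 address, and the precedence value 2 in the private-IPv4 variant are constructed for illustration.

```python
import ipaddress

# Default policy tables as (prefix, precedence) pairs.
RFC3484 = [("::1/128", 50), ("::/0", 40), ("2002::/16", 30),
           ("::/96", 20), ("::ffff:0:0/96", 10)]
RFC6724 = [("::1/128", 50), ("::/0", 40), ("::ffff:0:0/96", 35),
           ("2002::/16", 30), ("2001::/32", 5), ("fc00::/7", 3),
           ("::/96", 1), ("fec0::/10", 1), ("3ffe::/16", 1)]
# Hypothetical variant of the idea in the message: private IPv4 ranges
# (as IPv4-mapped prefixes) ranked below ULA. The value 2 is an assumption.
RFC6724_PRIVATE_V4 = RFC6724 + [("::ffff:10.0.0.0/104", 2),
                                ("::ffff:172.16.0.0/108", 2),
                                ("::ffff:192.168.0.0/112", 2)]

ULA = "fd12:3456:789a::10"   # constructed ULA destination
V4 = "192.168.8.10"          # constructed host in 192.168.8.x

def as_v6(addr):
    """Return addr as IPv6; IPv4 becomes IPv4-mapped (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip

def precedence(addr, table):
    """Precedence of the longest table prefix that contains addr."""
    ip = as_v6(addr)
    matches = [(ipaddress.ip_network(p).prefixlen, prec)
               for p, prec in table if ip in ipaddress.ip_network(p)]
    return max(matches)[1]   # ::/0 always matches, so never empty

def order(addrs, table):
    """Sort destinations by descending precedence (stable for ties)."""
    return sorted(addrs, key=lambda a: -precedence(a, table))

if __name__ == "__main__":
    for name, table in (("RFC 3484", RFC3484), ("RFC 6724", RFC6724),
                        ("RFC 6724 + private IPv4", RFC6724_PRIVATE_V4)):
        print(name, [(a, precedence(a, table)) for a in order([V4, ULA], table)])
```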