Date: Wed, 12 Jun 2024 07:47:27 +0000 From: Poul-Henning Kamp <phk@phk.freebsd.dk> To: current@freebsd.org Subject: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out Message-ID: <202406120747.45C7lRGZ009491@critter.freebsd.dk>
next in thread | raw e-mail | index | archive | help
I had a machine with this line in /etc/rc.conf: ifconfig_bla0="192.168.87.11" I found out the hard way, that this defaults to /8 now. The main symptom was that DNS was /really/ busted, which makes sense when none of the DNS servers in the 192/8 "swamp" can be reached. Since we all know that it is always DNS(SEC), I spent a lot of time having fun with that, before I noticed the /8 netmask on the interface. I agree that the class A/B/C netmask assumptions should have died long ago. But from a foot-shooting point of view, it makes no sense to default 192.168/16 to a /8 netmask. If we're going to default to /8, at the very least ifconfig should spitting out a very noisy warning and wait 5 seconds before proceeding, when the netmask is not explicitly specified. But I also think we can do better than /8. One option is to go for "limit the damage in RFC1918" and default them according to their size: reach: 10/8 172.16/12 192.168/16 That will prevent the DNS weirdness I had to figure out, and probably still DWIM in most cases. Another option is to default all three to /24, which in my experience is how people deploy RFC1918. A third option is to default any missing netmask to /24 instead of /8, which would be what I would personally have done in the first place. Poul-Henning -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202406120747.45C7lRGZ009491>