Date: Wed, 12 Jun 2024 11:46:49 +0200 (CEST)
From: Ronald Klop <ronald-lists@klop.ws>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: current@freebsd.org
Subject: Re: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out
Message-ID: <413984193.6719.1718185609109@localhost>
In-Reply-To: <202406120747.45C7lRGZ009491@critter.freebsd.dk>
References: <202406120747.45C7lRGZ009491@critter.freebsd.dk>

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wednesday, 12 June 2024 09:47
To: current@freebsd.org
Subject: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out
>
> I had a machine with this line in /etc/rc.conf:
>
>     ifconfig_bla0="192.168.87.11"
>
> I found out the hard way, that this defaults to /8 now.
>
> The main symptom was that DNS was /really/ busted, which makes sense
> when none of the DNS servers in the 192/8 "swamp" can be reached.
>
> Since we all know that it is always DNS(SEC), I spent a lot of time
> having fun with that, before I noticed the /8 netmask on the interface.
>
> I agree that the class A/B/C netmask assumptions should have died long ago.
>
> But from a foot-shooting point of view, it makes no sense to default
> 192.168/16 to a /8 netmask.
>
> If we're going to default to /8, at the very least ifconfig should
> spitting out a very noisy warning and wait 5 seconds before proceeding,
> when the netmask is not explicitly specified.
>
> But I also think we can do better than /8.
>
> One option is to go for "limit the damage in RFC1918" and default
> them according to their size: reach:
>
>     10/8
>     172.16/12
>     192.168/16
>
> That will prevent the DNS weirdness I had to figure out, and probably
> still DWIM in most cases.
>
> Another option is to default all three to /24, which in my experience
> is how people deploy RFC1918.
>
> A third option is to default any missing netmask to /24 instead of /8,
> which would be what I would personally have done in the first place.
>
> Poul-Henning
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

What do you think about defaulting to /32 on a missing netmask?
An interface with 1 IP address without any information about the network. All traffic can go to the gateway.

Regards,
Ronald.
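
A check that follows from the thread, as an added example that is not part of either message: a POSIX sh function that lists `ifconfig_*` entries in an rc.conf-style file which set an IPv4 address with neither `netmask` nor a `/prefix`, so the mask is left to whatever default applies. The function name and the sample file are constructed for illustration; only the `ifconfig_bla0` line is taken from the quoted message.

```shell
#!/bin/sh
# Added example (not from the thread): flag rc.conf ifconfig_* entries that
# assign an IPv4 address but give neither "netmask" nor a /prefix.

audit_rc_conf() (
    # $1: rc.conf-style file. Prints the name of each flagged variable.
    # Runs in a subshell so "set -f" and the loop variables do not leak.
    set -f                                # no globbing while splitting values
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ifconfig_*=*) ;;              # only interface assignments
            *) continue ;;                # comments and other settings
        esac
        var=${line%%=*}
        val=${line#*=}
        val=${val#[\"\']}                 # drop the opening quote, if any
        val=${val%%[\"\']*}               # cut at the closing quote
        has_addr=0
        has_mask=0
        for tok in $val; do
            case $tok in
                netmask) has_mask=1 ;;
                [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) has_addr=1; has_mask=1 ;;
                [0-9]*.[0-9]*.[0-9]*.[0-9]*) has_addr=1 ;;
            esac
        done
        if [ "$has_addr" -eq 1 ] && [ "$has_mask" -eq 0 ]; then
            printf '%s\n' "$var"
        fi
    done < "$1"
)

# Constructed sample input; only the bla0 line comes from the message above.
sample_rc_conf() {
    cat <<'EOF'
hostname="example"
ifconfig_bla0="192.168.87.11"
ifconfig_em0="inet 10.0.0.5 netmask 255.255.255.0"
ifconfig_em1="inet 172.16.4.9/24"
ifconfig_em2="DHCP"
ifconfig_em3_alias0="inet 192.168.1.7"   # trailing comment
ifconfig_em4_ipv6="inet6 2001:db8::1 prefixlen 64"
EOF
}

tmp=$(mktemp)
sample_rc_conf > "$tmp"
audit_rc_conf "$tmp"
rm -f "$tmp"
```

Run against the sample, it reports `ifconfig_bla0` and `ifconfig_em3_alias0`; DHCP, IPv6 and explicitly masked entries are left alone.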