Date: Thu, 16 Jan 1997 04:38:16 +0100 (MET) From: Robert Eckardt <roberte@mep.ruhr-uni-bochum.de> To: roberte@ghost.mep.ruhr-uni-bochum.de (roberte) Cc: questions@freebsd.org Subject: Re: resolver on 2.2-BETA Message-ID: <199701160338.EAA00774@ghost.mep.ruhr-uni-bochum.de>
next in thread | raw e-mail | index | archive | help
Hello, thanks to all who replied to my question about the resolver in 2.2 ! Let me summarize: I wrote: > after upgrading to 2.2-BETA_A I noticed that something has changed with > the resolver. > In releases up to 2.1.5 it was sufficient for me to type e.g. > `telnet hadron.tp2' to reach a different subdomain in the same > domain of our university. (The resolver tried besides `hadron.tp2' also > `hadron.tp2.ruhr-uni-bochum.de' and `hadron.tp2.mep.ruhr-uni-bochum.de') > > However, now `telnet hadron.tp2.ruhr-uni-bochum.de' (or the IP#, which > is shorter :-) is required. [..] > /etc/resolv.conf: > domain mep.ruhr-uni-bochum.de > nameserver 134.147.6.1 [..] > Can I configure something to get the old behaviour, is this a bug > or was it done to comply with some standard ? The answer is `Yes, I can do something.' and `It was done to comply with RFC1535 to close a vulnerability in old "all too-forgiving DNS clients"'. To obtain the old behaviour /etc/resolv.conf should read: search mep.ruhr-uni-bochum.de ruhr-uni-bochum.de nameserver 134.147.6.1 This should be done, however, only(!) when one can trust not only the administrator of `mep.ruhr-uni-bochum.de' but also the one of `ruhr-uni-bochum.de' (in this example). BEWARE: This leaves still a hole as I might want to reach a host `tp2.mep.ruhr-uni-bochum.de' by typing only `tp2' which doesn't exist, but which might resolve to `tp2.ruhr-uni-bochum.de', which might be a CNAME for a machine that appears to be `tp2.mep.ruhr-uni-bochum.de' and asks for my login and password ... Robert -- Robert Eckardt \\ FreeBSD -- solutions for a large universe.(tm) RobertE@MEP.Ruhr-Uni-Bochum.de \\ What do you want to boot tomorrow ?(tm) http://WWW.MEP.Ruhr-Uni-Bochum.de/~roberte For PGP-key finger roberte@gluon.MEP.Ruhr-Uni-Bochum.de
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701160338.EAA00774>