From owner-freebsd-questions Wed Jan 15 19:38:29 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id TAA24253 for questions-outgoing; Wed, 15 Jan 1997 19:38:29 -0800 (PST)
Received: from ghost.mep.ruhr-uni-bochum.de (ghost.mep.ruhr-uni-bochum.de [134.147.6.16]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id TAA24232 for ; Wed, 15 Jan 1997 19:38:20 -0800 (PST)
Received: (from roberte@localhost) by ghost.mep.ruhr-uni-bochum.de (8.8.4/8.7.3) id EAA00774; Thu, 16 Jan 1997 04:38:17 +0100 (MET)
From: Robert Eckardt
Message-Id: <199701160338.EAA00774@ghost.mep.ruhr-uni-bochum.de>
Subject: Re: resolver on 2.2-BETA
To: roberte@ghost.mep.ruhr-uni-bochum.de (roberte)
Date: Thu, 16 Jan 1997 04:38:16 +0100 (MET)
Cc: questions@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL25 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hello,

thanks to all who replied to my question about the resolver in 2.2!
Let me summarize:

I wrote:
> after upgrading to 2.2-BETA_A I noticed that something has changed with
> the resolver.
> In releases up to 2.1.5 it was sufficient for me to type e.g.
> `telnet hadron.tp2' to reach a different subdomain in the same
> domain of our university. (The resolver tried besides `hadron.tp2' also
> `hadron.tp2.ruhr-uni-bochum.de' and `hadron.tp2.mep.ruhr-uni-bochum.de')
>
> However, now `telnet hadron.tp2.ruhr-uni-bochum.de' (or the IP#, which
> is shorter :-) is required.
[..]
> /etc/resolv.conf:
> domain mep.ruhr-uni-bochum.de
> nameserver 134.147.6.1
[..]
> Can I configure something to get the old behaviour, is this a bug
> or was it done to comply with some standard ?

The answer is `Yes, I can do something.' and `It was done to comply
with RFC1535 to close a vulnerability in old "all too-forgiving
DNS clients"'.

To obtain the old behaviour /etc/resolv.conf should read:

    search mep.ruhr-uni-bochum.de ruhr-uni-bochum.de
    nameserver 134.147.6.1

This should be done, however, only(!) when one can trust not only the
administrator of `mep.ruhr-uni-bochum.de' but also the one of
`ruhr-uni-bochum.de' (in this example).

BEWARE: This leaves still a hole as I might want to reach a host
`tp2.mep.ruhr-uni-bochum.de' by typing only `tp2' which doesn't exist,
but which might resolve to `tp2.ruhr-uni-bochum.de', which might be a
CNAME for a machine that appears to be `tp2.mep.ruhr-uni-bochum.de'
and asks for my login and password ...

Robert

--
Robert Eckardt \\ FreeBSD -- solutions for a large universe.(tm)
RobertE@MEP.Ruhr-Uni-Bochum.de \\ What do you want to boot tomorrow ?(tm)
http://WWW.MEP.Ruhr-Uni-Bochum.de/~roberte
For PGP-key finger roberte@gluon.MEP.Ruhr-Uni-Bochum.de
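
Added example (not part of the original message, and not FreeBSD's resolver code): a simplified Python model of which names a stub resolver tries under the `domain' and `search' configurations quoted above, and which of those names fall outside the local domain and therefore depend on another zone's administrator. The function names, the implicit_parents switch and the candidate ordering (modelled on the ndots=1 default) are assumptions of this sketch.

```python
# Simplified model of stub-resolver name expansion; not FreeBSD's resolver code.
# Sample configurations are the two quoted in the message above.
CONF_DOMAIN = "domain mep.ruhr-uni-bochum.de\nnameserver 134.147.6.1\n"
CONF_SEARCH = ("search mep.ruhr-uni-bochum.de ruhr-uni-bochum.de\n"
               "nameserver 134.147.6.1\n")

def parse_resolv_conf(text):
    """Return (local_domain, explicit_search_or_None); the last directive wins."""
    domain, search = None, None
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 2 and fields[0] == "domain":
            domain, search = fields[1].rstrip(".").lower(), None
        elif len(fields) >= 2 and fields[0] == "search":
            search = [d.rstrip(".").lower() for d in fields[1:]]
            domain = search[0]  # first search entry acts as the local domain
    return domain, search

def search_list(domain, search=None, implicit_parents=False):
    """Explicit list if present; otherwise the local domain alone (RFC 1535
    behaviour) or, with implicit_parents, also each parent of >= 2 labels."""
    if search:
        return list(search)
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    return [domain] + (parents if implicit_parents else [])

def candidates(name, domain, search=None, implicit_parents=False, ndots=1):
    """FQDNs tried for name, in order (ndots=1 is the resolver(5) default)."""
    if name.endswith("."):
        return [name.rstrip(".")]  # fully qualified: no expansion at all
    expanded = [f"{name}.{d}" for d in search_list(domain, search, implicit_parents)]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def outside_local_domain(name, domain, search=None, implicit_parents=False):
    """Expanded names not under the local domain: each is answered by another
    zone, whose administrator the user is implicitly trusting."""
    tried = candidates(name, domain, search, implicit_parents)
    return [c for c in tried if c != name and not c.endswith("." + domain)]

if __name__ == "__main__":
    for conf in (CONF_DOMAIN, CONF_SEARCH):
        dom, srch = parse_resolv_conf(conf)
        for short in ("hadron.tp2", "tp2"):
            print(short, candidates(short, dom, srch),
                  "outside:", outside_local_domain(short, dom, srch))
```

With the `search' configuration, `tp2' yields `tp2.ruhr-uni-bochum.de' as an outside-domain candidate, which is the case the BEWARE paragraph describes; with the plain `domain' line no candidate leaves the local domain.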