Date: Wed, 12 Jun 2024 11:29:47 -0700
From: Chris <bsd-lists@bsdforge.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: current@freebsd.org
Subject: Re: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out
Message-ID: <8f38acff4a9d2e33b801dcde1b2bcdcb@bsdforge.com>
In-Reply-To: <202406120747.45C7lRGZ009491@critter.freebsd.dk>
References: <202406120747.45C7lRGZ009491@critter.freebsd.dk>
On 2024-06-12 00:47, Poul-Henning Kamp wrote:
> I had a machine with this line in /etc/rc.conf:
>
>     ifconfig_bla0="192.168.87.11"
>
> I found out the hard way, that this defaults to /8 now.
>
> The main symptom was that DNS was /really/ busted, which makes sense
> when none of the DNS servers in the 192/8 "swamp" can be reached.
>
> Since we all know that it is always DNS(SEC), I spent a lot of time
> having fun with that, before I noticed the /8 netmask on the interface.
>
> I agree that the class A/B/C netmask assumptions should have died long ago.
>
> But from a foot-shooting point of view, it makes no sense to default
> 192.168/16 to a /8 netmask.
>
> If we're going to default to /8, at the very least ifconfig should
> be spitting out a very noisy warning and wait 5 seconds before proceeding,
> when the netmask is not explicitly specified.
>
> But I also think we can do better than /8.
>
> One option is to go for "limit the damage in RFC1918" and default
> them according to their size: reach:
>
>     10/8
>     172.16/12
>     192.168/16
>
> That will prevent the DNS weirdness I had to figure out, and probably
> still DWIM in most cases.
>
> Another option is to default all three to /24, which in my experience
> is how people deploy RFC1918.
>
> A third option is to default any missing netmask to /24 instead of /8,
> which would be what I would personally have done in the first place.

I couldn't agree more. CPEs, WiFi APs and most other network(ing) equipment
that most users encounter, generally default to a /24 (255.255.255.0).
IMHO this would result in the least amount of POLA. :)

>
> Poul-Henning

--Chris
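A way to find the rc.conf lines this thread is about before they bite: the following is an added example, not code from either message or from FreeBSD. It flags every `ifconfig_*` setting that carries a bare IPv4 address with neither a `netmask` keyword nor a `/prefix`, and reports the prefix that the quoted "limit the damage in RFC1918" option would assign. The function names and the sample rc.conf text are constructed for illustration.

```python
import ipaddress
import re

# Option 1 from the quoted message: size RFC1918 defaults to their block.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ifconfig_<name>=<value>, value optionally quoted, optional trailing comment.
ASSIGN = re.compile(r'^\s*(ifconfig_\w+)=(["\']?)(.*?)\2\s*(?:#.*)?$')


def proposed_prefix(addr):
    """Prefix length under the RFC1918-sized option, or None if not RFC1918."""
    for net in RFC1918:
        if addr in net:
            return net.prefixlen
    return None


def audit(rc_conf_text):
    """Return (variable, address, rfc1918_prefix) for each implicit-mask line."""
    findings = []
    for line in rc_conf_text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue  # comments and unrelated variables
        words = m.group(3).split()
        if "netmask" in words:
            continue  # mask given explicitly
        for word in words:
            try:
                # Rejects "DHCP", "inet" and "a.b.c.d/len" (prefix is explicit).
                addr = ipaddress.IPv4Address(word)
            except ValueError:
                continue
            findings.append((m.group(1), str(addr), proposed_prefix(addr)))
            break  # only the first address is the interface address
    return findings


# Constructed sample; the first line is the one quoted in the thread.
SAMPLE = '''\
ifconfig_bla0="192.168.87.11"
ifconfig_em0="inet 10.1.2.3 netmask 255.255.255.0"
ifconfig_em1="inet 172.20.0.5/24"
ifconfig_em2="DHCP"
ifconfig_em3="inet 203.0.113.7"   # public address, no mask
#ifconfig_em4="192.168.1.1"
'''

if __name__ == "__main__":
    for var, addr, prefix in audit(SAMPLE):
        print(f"{var}: {addr} has no explicit netmask (RFC1918-sized: {prefix})")
```

A `None` in the third field means the address is outside RFC1918, so only the /24 options discussed in the thread would apply to it.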
