Old 11-20-2007, 05:05 PM
"Sebastien Estienne"
 
Default Server issues

On Nov 20, 2007 6:10 PM, Ante Karamatić <ivoks@grad.hr> wrote:
> On Tue, 20 Nov 2007 16:15:59 +0100
> "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
>
> > sebest@delly2:~$ cat /etc/default/avahi-daemon
> > # 0 = don't start, 1 = start
> > AVAHI_DAEMON_START=1
>
> But, that's not enough. Avahi (and everything done to make it
> usable) breaks some stuff on computers on which it doesn't even run.
>
> Best example is broken PPTP (VPN) when the other side is using .local
> domain. Then you have to edit /etc/nsswitch.conf and remove all the
> mdns stuff.

Could you be more specific about the issue you had?

FYI macOsX has exactly the same feature enabled by default, it's
called "bonjour" and the process on OsX is mDNSResponder
the .local is the default zeroconf domain, one common issue is that
microsoft also recommend to use this domain
"http://support.microsoft.com/kb/296250", this clashes with zeroconf
.local

i think it's not specific to avahi, but to zeroconf and dns in general.

>
> I'm all for removing avahi. It did me more harm than good.
>
> --
>
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



--
Sebastien Estienne
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 11-20-2007, 05:20 PM
"Sebastien Estienne"
 
Default Server issues

> > Why do you want to "remove" it, disabling it is not enough?
> Excellent question, and raises the issue of why I hate it so much. The
> thing keeps coming back from the dead, especially at upgrade time.
>
>
> > It's a community effort, you can now add this information to the
> documentation.
>
> I don't think you are understanding my point about documentation. The thing
> that is really broken is the process. Yes, this particular information can
> be added to the docs for this particular piece of software, but that won't
> fix the process. If we don't nip this trend in the bud, we'll end up with
> substantially undocumented system that only a few "experts" contribute to.
>
> There are many specific reasons that Ubuntu is based on Debian, but all of
> the specifics are the result of a general process that produces a high
> quality product. The process is codified in the Debian Policy Manual. That
> process requires documentation so that everyone can participate and improve
> the product. It's not a difficult step to add a man page; it's just a step
> that needs doing _for_every_package_.

agreed.

I agree that the manpage should contain explanation about disabling
avahi-daemon.

>
>
> > It's perfectly intelligible to someone who knows zeroconf, avahi is
> > just an implementation of it.
>
> Well . . . that's my point: You have to already know zeroconf to understand
> the documentation. But that's silly, of course, because if you already know
> how it works, you don't need the documentation in the first place.
>

My point is that knowing what zeroconf is, is out of the scope of the
ubuntu documentation.
You don't expect to find documentation about HTTP, DNS and so on in
the ubuntu docs, they are generic technologies, and wikipedia is a
good source of information for these.

>
> > Before this sentence that you can read:
> > " The Avahi mDNS/DNS-SD daemon implementing Apple's ZeroConf
> > architecture (also known as "Rendezvous" or "Bonjour")."
> > If the manpage is not clear enough, you could look for "zeroconf" in
> wikipedia
> > http://en.wikipedia.org/wiki/Zeroconf
>
> (1) If your networking system is hosed up, you can't read wikipedia or
> google.
> (2) If you want to rely on wikipedia, you don't need authoritative
> documentation on the system at all. For that matter, you don't need to
> include the source code either because you could just search the web and
> read the latest development branch online. While we're at it, let's go all
> the way and get rid of the help menus, too. We all hate writing help
> documentation, and anyway all the cool people already know. Let's all just
> ship a bunch of undocumented binaries and play hide-the-ball and
> go-find-it-yourself.
>
> I'm a manufacturer trying to fix Bug Number One. To do that, I have to ship
> a product that's easy to learn for those who DON'T already know.

BTW, zeroconf was created for the people who DON'T know, and allows
them to have a working network without any configuration:

from wikipedia: "Zeroconf or Zero Configuration Networking is a set of
techniques that automatically create a usable IP network without
configuration or special servers. This allows inexpert users to
connect computers, networked printers, and other items together and
expect them to work automatically"

So i think avahi and zeroconf also try to fix bug number 1.
--
Sebastien Estienne

 
Old 11-20-2007, 05:51 PM
Ante Karamatić
 
Default Server issues

On Tue, 20 Nov 2007 19:05:23 +0100
"Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:

> Could you be more specific about the issue you had?

You said it yourself. It doesn't work if you use .local domain. You
have zeroconf/avahi claiming .local domain and DNS server also
claiming .local. And, since avahi has precedence in nsswitch.conf, you
can't connect to any machine with real .local domain.

> FYI macOsX has exactly the same feature enabled by default, it's
> called "bonjour" and the process on OsX is mDNSResponder
> the .local is the default zeroconf domain, one common issue is that
> microsoft also recommend to use this domain
> "http://support.microsoft.com/kb/296250", this clashes with zeroconf
> .local

I'm quite aware of lots of OSX pitfalls and shortcomings and that's why
I don't use it. Apple doesn't produce only good stuff. Au contraire.

And it's not only MS. A lot of private domains use .local name,
because .local is, as MS correctly points out, not registered for use on
Internet.

> i think it's not specific to avahi, but to zeroconf and dns in
> general.

It's not. I'm not arguing that avahi is bad. The protocol it tries to
implement is broken by design. The protocol itself should use some
not-so-generic domain, like .zeroconf, but there's nothing we can do
about that.

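The nsswitch.conf precedence problem described in the message above can be checked mechanically. This is an added example, not part of the original thread: the function names and verdict strings are hypothetical, and the sample `hosts:` lines are constructed rather than taken from the posters' machines.

```shell
#!/bin/sh
# Added example: report whether the "hosts:" line of an nsswitch.conf lets an
# mdns module answer (or refuse) .local names before unicast DNS is asked.

# hosts_line FILE -> source list of the first active "hosts:" entry
hosts_line() {
    sed -n 's/#.*//; s/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | head -n 1
}

# classify_hosts "SOURCES" -> one verdict (names are this example's own):
#   no-mdns           no mdns module is listed
#   dns-first         unicast DNS is consulted before any mdns module
#   mdns-first        mdns is tried first, DNS is still asked afterwards
#   mdns-shadows-dns  mdns is first and "[NOTFOUND=return]" follows it, so a
#                     name mDNS reports as not found is never sent to DNS
classify_hosts() {
    verdict=no-mdns prev='' dns_seen=0
    set -f    # stop "[NOTFOUND=return]" being expanded as a glob pattern
    for tok in $(printf '%s' "$1" | tr 'A-Z' 'a-z'); do
        case "$tok" in
            mdns*)
                if [ "$verdict" = no-mdns ]; then
                    if [ "$dns_seen" -eq 1 ]; then verdict=dns-first
                    else verdict=mdns-first; fi
                fi ;;
            '[notfound=return]')
                # An action applies to the source written just before it.
                case "$prev" in
                    mdns*) if [ "$dns_seen" -eq 0 ]; then verdict=mdns-shadows-dns; fi ;;
                esac ;;
            dns) dns_seen=1 ;;
        esac
        prev=$tok
    done
    set +f
    printf '%s\n' "$verdict"
}

# Constructed sample lines, one verdict printed per line.
while read -r line; do
    printf '%-18s %s\n' "$(classify_hosts "$line")" "$line"
done <<'EOF'
files mdns4_minimal [NOTFOUND=return] dns mdns4
files dns mdns4
files dns
EOF
```

On a real host, `classify_hosts "$(hosts_line /etc/nsswitch.conf)"` gives the verdict for the running configuration; `mdns-shadows-dns` is the case in which a unicast `.local` zone behind a VPN becomes unreachable.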
 
Old 11-20-2007, 06:15 PM
Scott Kitterman
 
Default Server issues

On Tue, 20 Nov 2007 19:05:23 +0100 "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
>On Nov 20, 2007 6:10 PM, Ante Karamatić <ivoks@grad.hr> wrote:
>> On Tue, 20 Nov 2007 16:15:59 +0100
>> "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
>>
>> > sebest@delly2:~$ cat /etc/default/avahi-daemon
>> > # 0 = don't start, 1 = start
>> > AVAHI_DAEMON_START=1
>>
>> But, that's not enough. Avahi (and everything done to make it
>> usable) breaks some stuff on computers on which it doesn't even run.
>>
>> Best example is broken PPTP (VPN) when the other side is using .local
>> domain. Then you have to edit /etc/nsswitch.conf and remove all the
>> mdns stuff.
>
>Could you be more specific about the issue you had?
>
>FYI macOsX has exactly the same feature enabled by default, it's
>called "bonjour" and the process on OsX is mDNSResponder
>the .local is the default zeroconf domain, one common issue is that
>microsoft also recommend to use this domain
>"http://support.microsoft.com/kb/296250", this clashes with zeroconf
>.local
>
>i think it's not specific to avahi, but to zeroconf and dns in general.
>
And the Microsoft one is the one the IETF standardized. All the more reason not to install, let alone enable, it by default.

Scott K

 
Old 11-20-2007, 06:28 PM
"Sebastien Estienne"
 
Default Server issues

On Nov 20, 2007 8:15 PM, Scott Kitterman <ubuntu@kitterman.com> wrote:
> On Tue, 20 Nov 2007 19:05:23 +0100 "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
> >On Nov 20, 2007 6:10 PM, Ante Karamatić <ivoks@grad.hr> wrote:
> >> On Tue, 20 Nov 2007 16:15:59 +0100
> >> "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
> >>
> >> > sebest@delly2:~$ cat /etc/default/avahi-daemon
> >> > # 0 = don't start, 1 = start
> >> > AVAHI_DAEMON_START=1
> >>
> >> But, that's not enough. Avahi (and everything done to make it
> >> usable) breaks some stuff on computers on which it doesn't even run.
> >>
> >> Best example is broken PPTP (VPN) when the other side is using .local
> >> domain. Then you have to edit /etc/nsswitch.conf and remove all the
> >> mdns stuff.
> >
> >Could you be more specific about the issue you had?
> >
> >FYI macOsX has exactly the same feature enabled by default, it's
> >called "bonjour" and the process on OsX is mDNSResponder
> >the .local is the default zeroconf domain, one common issue is that
> >microsoft also recommend to use this domain
> >"http://support.microsoft.com/kb/296250", this clashes with zeroconf
> >.local
> >
> >i think it's not specific to avahi, but to zeroconf and dns in general.
> >
> And the Microsoft one is the one the IETF standardized. All the more reason not to install, let alone enable, it by default.

Where is the RFC that the IETF issued about .local ?

And i don't see why, microsoft is more right or wrong to use .local as
zeroconf do?
http://tools.ietf.org/id/draft-kato-dnsop-local-zones-00.txt explains
that you should use .localhost and not .local

>
> Scott K
>



--
Sebastien Estienne

 
Old 11-20-2007, 07:06 PM
Thilo Six
 
Default Server issues

Sebastien Estienne wrote the following on 20.11.2007 17:47

<<-snip->>

> No open ports by default?
> How would you use dhcp udp/68 or dns udp/53 without opening ports by default?

OP means from outside, not from inside.

bye
--
Thilo

key: 0x4A411E09


 
Old 11-20-2007, 07:48 PM
"Sebastien Estienne"
 
Default Server issues

On Nov 20, 2007 9:06 PM, Thilo Six <T.Six@gmx.de> wrote:
> Sebastien Estienne wrote the following on 20.11.2007 17:47
>
> <<-snip->>
>
> > No open ports by default?
> > How would you use dhcp udp/68 or dns udp/53 without opening ports by default?
>
> OP means from outside, not from inside.

sebest@mercure:~$ sudo netstat -upna | grep dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:*
6708/dhclient

is it only accessible from inside?

>
> bye
> --
> Thilo
>
> key: 0x4A411E09
>
>



--
Sebastien Estienne

 
Old 11-20-2007, 08:43 PM
Thilo Six
 
Default Server issues

Sebastien Estienne wrote the following on 20.11.2007 21:48

<<-snip->>

> sebest@mercure:~$ sudo netstat -upna | grep dhclient
> udp 0 0 0.0.0.0:68 0.0.0.0:*
> 6708/dhclient
^^^^

> is it only accessible from inside?

dhclient is no service

--
Thilo

key: 0x4A411E09


 
Old 11-20-2007, 08:59 PM
"David L. Willson"
 
Default Server issues

About this .local domain: I know there's an RFC that defines it for use
with multicast, but I was not aware that "the Microsoft one is the one
the IETF standardized". I always thought that Microsoft made this
recommendation for using .local in violation of the RFC, like they
violate the CSS standard (one pixel off render bug), and the DHCP
standard (non-release at shutdown, continued use of an expired lease),
and some DNS standards (undocumented client fail-over).

Can someone point me to the relevant IETF document, so I know what the
standard is?

 
Old 11-20-2007, 09:18 PM
Neal McBurnett
 
Default Server issues

On Tue, Nov 20, 2007 at 08:28:44PM +0100, Sebastien Estienne wrote:
> On Nov 20, 2007 8:15 PM, Scott Kitterman <ubuntu@kitterman.com> wrote:
> > On Tue, 20 Nov 2007 19:05:23 +0100 "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
> > >FYI macOsX has exactly the same feature enabled by default, it's
> > >called "bonjour" and the process on OsX is mDNSResponder
> > >the .local is the default zeroconf domain, one common issue is that
> > >microsoft also recommend to use this domain
> > >"http://support.microsoft.com/kb/296250", this clashes with zeroconf
> > >.local
> > >
> > >i think it's not specific to avahi, but to zeroconf and dns in general.
> > >
> > And the Microsoft one is the one the IETF standardized. All the more reason not to install, let alone enable, it by default.
>
> Where is the RFC that the IETF issued about .local ?
>
> And i don't see why, microsoft is more right or wrong to use .local as
> zeroconf do?
> http://tools.ietf.org/id/draft-kato-dnsop-local-zones-00.txt explains
> that you should use .localhost and not .local

Quoting that document (an "internet draft" of the sort which anyone
can submit any time), we find it is not supposed to be quoted :-)

Operational Guidelines for "local" zones in the DNS
draft-kato-dnsop-local-zones-00.txt
Expires: August 24, 2003 February 24, 2003

Status of this Memo
...
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

I haven't really caught up over the last 18 months with what has
happened in the big IETF debates about mDNS (so-called "Apple") vs
LLMNR (Link-local Multicast Name Resolution - so called "Microsoft").

But I haven't heard that there is anything on the road to
standardization.

RFC 4795 was published http://tools.ietf.org/html/rfc4795
Link-Local Multicast Name Resolution (LLMNR)

but that is just an "Informational" RFC, and just about anyone who is
persistent enough can get one of those published.

Security issues have been identified with both of them,
since they let systems mess with names that look like
official dns names.

I find a lot of appeal to finding a good standard for simplified
configuration, like zeroconf. But I think that it is a difficult
thing to get right :-(

Neal McBurnett http://mcburnett.org/neal/

 
