Old 11-20-2007, 11:29 PM
Scott Kitterman
 
Default Fwd: Server issues

This one doesn't seem to have made it to the list.

Scott K

---------- Forwarded Message ----------

Subject: Re: Server issues
Date: Tuesday 20 November 2007 17:18
From: Neal McBurnett <neal@bcn.boulder.co.us>
To: Sebastien Estienne <sebastien.estienne@gmail.com>
Cc: Scott Kitterman <ubuntu@kitterman.com>, ubuntu-server@lists.ubuntu.com

On Tue, Nov 20, 2007 at 08:28:44PM +0100, Sebastien Estienne wrote:
> On Nov 20, 2007 8:15 PM, Scott Kitterman <ubuntu@kitterman.com> wrote:
> > On Tue, 20 Nov 2007 19:05:23 +0100 "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
> > >FYI macOsX has exactly the same feature enabled by default, it's
> > >called "bonjour" and the process on OsX is mDNSResponder
> > >the .local is the default zeroconf domain, one common issue is that
> > >microsoft also recommend to use this domain
> > >"http://support.microsoft.com/kb/296250", this clashes with zeroconf
> > >.local
> > >
> > >i think it's not specific to avahi, but to zeroconf and dns in general.
> >
> > And the Microsoft one is the one the IETF standardized. All the more
> > reason not to install, let alone enable, it by default.
>
> Where is the RFC that the IETF issued about .local ?
>
> And i don't see why, microsoft is more right or wrong to use .local as
> zeroconf do?
> http://tools.ietf.org/id/draft-kato-dnsop-local-zones-00.txt explains
> that you should use .localhost and not .local

Quoting that document (an "internet draft" of the sort which anyone
can submit any time), we find it is not supposed to be quoted :-)

Operational Guidelines for "local" zones in the DNS
draft-kato-dnsop-local-zones-00.txt
Expires: August 24, 2003 February 24, 2003

Status of this Memo
...
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

I haven't really caught up over the last 18 months with what has
happened in the big IETF debates about mDNS (so-called "Apple") vs
LLMNR (Link-local Multicast Name Resolution - so called "Microsoft").

But I haven't heard that there is anything on the road to
standardization.

RFC 4795 was published http://tools.ietf.org/html/rfc4795
Link-Local Multicast Name Resolution (LLMNR)

but that is just an "Informational" RFC, and just about anyone who is
persistent enough can get one of those published.

Security issues have been identified with both of them,
since they let systems mess with names that look like
official dns names.

I find a lot of appeal to finding a good standard for simplified
configuration, like zeroconf. But I think that it is a difficult
thing to get right :-(

Neal McBurnett http://mcburnett.org/neal/

-------------------------------------------------------

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 11-20-2007, 11:48 PM
Scott Kitterman
 
Default Fwd: Server issues

On Tuesday 20 November 2007 17:18, Neal McBurnett wrote:

> I haven't really caught up over the last 18 months with what has
> happened in the big IETF debates about mDNS (so-called "Apple") vs
> LLMNR (Link-local Multicast Name Resolution - so called "Microsoft").
>
> But I haven't heard that there is anything on the road to
> standardization.
>
> RFC 4795 was published http://tools.ietf.org/html/rfc4795
> Link-Local Multicast Name Resolution (LLMNR)
>
> but that is just an "Informational" RFC, and just about anyone who is
> persistent enough can get one of those published.
>
> Security issues have been identified with both of them,
> since they let systems mess with names that look like
> official dns names.
>
> I find a lot of appeal to finding a good standard for simplified
> configuration, like zeroconf. But I think that it is a difficult
> thing to get right :-(
>
The IESG note covers it pretty well (at least at a high level):

IESG Note


This document was originally intended for advancement as a Proposed
Standard, but the IETF did not achieve consensus on the approach.
The document has had significant review and input. At time of
publication, early versions were implemented and deployed.

The lack of consensus (anyone can search the IETF main list for the last call
discussion on this RFC, it was pretty extensive) was primarily over whether
to use the mDNS or LLMNR protocols in the .local namespace. Informational or
not, it's a published RFC. The distinction among Informational,
Experimental, and Proposed Standard is significant within the IETF community,
but in the wider internet world, I don't think people really know or care.

So currently we install and enable a system using an unstandardized protocol
that works in the same namespace with another protocol that fulfills
essentially the same purpose and that protocol is at least documented in an
(Informational) RFC. The key point here is that the IETF picked one and it
isn't the one we use.

Personally, I don't like zeroconf a bit. I like to actually configure my
boxes before they start to talk to other boxes.

Additionally, they are both, IMO broken by design.

Scott K

 
Old 11-21-2007, 12:46 AM
"Sebastien Estienne"
 
Default Fwd: Server issues

On Nov 21, 2007 1:48 AM, Scott Kitterman <ubuntu@kitterman.com> wrote:
> On Tuesday 20 November 2007 17:18, Neal McBurnett wrote:
>
> > I haven't really caught up over the last 18 months with what has
> > happened in the big IETF debates about mDNS (so-called "Apple") vs
> > LLMNR (Link-local Multicast Name Resolution - so called "Microsoft").
> >
> > But I haven't heard that there is anything on the road to
> > standardization.
> >
> > RFC 4795 was published http://tools.ietf.org/html/rfc4795
> > Link-Local Multicast Name Resolution (LLMNR)
> >
> > but that is just an "Informational" RFC, and just about anyone who is
> > persistent enough can get one of those published.
> >
> > Security issues have been identified with both of them,
> > since they let systems mess with names that look like
> > official dns names.
> >
> > I find a lot of appeal to finding a good standard for simplified
> > configuration, like zeroconf. But I think that it is a difficult
> > thing to get right :-(
> >
> The IESG note covers it pretty well (at least at a high level):
>
> IESG Note
>
>
> This document was originally intended for advancement as a Proposed
> Standard, but the IETF did not achieve consensus on the approach.
> The document has had significant review and input. At time of
> publication, early versions were implemented and deployed.
>
> The lack of consensus (anyone can search the IETF main list for the last call
> discussion on this RFC, it was pretty extensive) was primarily over whether
> to use the mDNS or LLMNR protocols in the .local namespace. Informational or
> not, it's a published RFC. The distinction among Informational,
> Experimental, and Proposed Standard is significant within the IETF community,
> but in the wider internet world, I don't think people really know or care.

So neither is a standard, so zeroconf is not more or less 'breaking'
things than ms llmnr when using .local
And it seems that ms recommends to use .local even for unicast dns,
and that's not a good practice either.

>
> So currently we install and enable a system using an unstandarized protocol
> that works in the same namespace with another protocol that fulfills
> essentially the same purpose and that protocol is at least documented in an
> (Informational) RFC. The key point here is that the IETF picked one and it
> isn't the one we use.

First i don't see that ietf chose one or the other, but the real question is:
How many linux applications implement zeroconf, and how many implement llmnr?

>
> Personally, I don't like zeroconf a bit. I like to actually configure my
> boxes before they start to talk to other boxes.

So you don't need it, that's why you can disable it.
Zeroconf is not only about setting your ip address automatically, it's
about making your network printer just work without having to look for
an IP/PORT, it's about sharing music without asking an IP address.

I totally agree that these technologies are only useful in small
local network (family or small business), and should/could be disabled
on servers that live in datacenters.

And that's why it's hard to have a default install for servers.
My home ubuntu server is totally different from the ubuntu servers i
run in datacenter:
- at home one server does everything from printing, dns, dhcp, lamp
- in the datacenter each farm of servers only do one task: apache,
mysql, storage, etc

that's why in the datacenter i'm using something closer to
ubuntu-minimal than the ubuntu-server CD.

And that's maybe what this thread is all about:
Having a really minimalist working install for experienced users,
personally i'm using FAI for my servers, it installs ubuntu-minimal +
kernel + the specific packages for the task, eg: mysql-server.

that's why i've never seen avahi on one of the servers i run in datacenters.


>
> Additionally, they are both, IMO broken by design.

How could we fix zeroconf?

>
> Scott K
>
>
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



--
Sebastien Estienne

 
Old 11-21-2007, 01:15 AM
Neal McBurnett
 
Default Fwd: Server issues

Sebastien posted a good response on the real issue at hand, so feel
free to ignore this post of mine unless you want to hear me
pontificate on why Informational != IETF_standard :-)

I don't really have a well informed opinion on the topic of zeroconf
and/or LLMNR, despite having paid some attention to it.

On Tue, Nov 20, 2007 at 07:48:20PM -0500, Scott Kitterman wrote:
> IESG Note
>
> This document was originally intended for advancement as a Proposed
> Standard, but the IETF did not achieve consensus on the approach.
> The document has had significant review and input. At time of
> publication, early versions were implemented and deployed.

That is very helpful. This particular "Informational" RFC has
had way more review than most.

Though see also "Status of This Memo":
http://tools.ietf.org/html/rfc4795
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind.

> The lack of consensus (anyone can search the IETF main list for the
> last call discussion on this RFC, it was pretty extensive) was
> primarily over whether to use the mDNS or LLMNR protocols in the
> .local namespace. Informational or not, it's a published RFC. The
> distinction among Informational, Experimental, and Proposed Standard
> is significant within the IETF community, but in the wider internet
> world, I don't think people really know or care.

But having worked with standards for a few decades and with the IETF
since 1995 on and off, I strongly suggest that in general people
shouldn't treat Informational or Experimental protocols at all like
protocols on the standards track. That is almost like comparing the
rantings of some congressman in the Congressional Record to a law that
is also published in the Congressional Record.

To quote the Tao of the IETF (itself Informational :-)
http://www.faqs.org/rfcs/rfc3160.html

some people refer to Informational RFCs as "standards" even though
the RFCs are not standards, usually to fool the gullible public
about something that the person is selling or supporting. When this
happens, the debate about Informational RFCs is renewed.

Statistically speaking, most Informational RFCs may be interesting and
serious reading about good stuff. And of course they are generally
way better than proprietary "industry standards", since they are
published to be read by anyone. But they are intentionally not to be
treated as open standards.

> So currently we install and enable a system using an unstandarized protocol
> that works in the same namespace with another protocol that fulfills
> essentially the same purpose and that protocol is at least documented in an
> (Informational) RFC. The key point here is that the IETF picked one and it
> isn't the one we use.

Note that the IETF asked the Zeroconf folks to also publish their
protocol, which is much more widely used, as Informational also. So
in no way did the IETF finally "pick one" officially.

The working group that dealt with it, dnsext
(http://ietf.org/html.charters/dnsext-charter.html) did pick LLMNR,
and that is generally a pretty big vote of confidence in the IETF.
But I've seen enough of the debate to have serious questions as to
whether there was much good reason to go the way the working group did
in terms of proposing LLMNR as their choice for a standard for last
call. See e.g. the rather interesting comments of Stuart Cheshire (a
primary mDNS/DNS-SD proponent):

http://www1.ietf.org/mail-archive/web/ietf/current/msg37340.html

What happened was that the DNSEXT working group disagreed with me on
the problem statement. I said, "Here's a proposed way to do simple
effective service discovery using existing DNS record types." The
DNSEXT working group said, "The DNS protocol is not to be used for
service discovery. We forbid it, and furthermore, to prove the point,
we're going to design a protocol of our own that superficially looks
like yours but can't be used for service discovery."

Neal McBurnett http://mcburnett.org/neal/

 
Old 11-21-2007, 01:37 AM
Scott Kitterman
 
Default Fwd: Server issues

On Tuesday 20 November 2007 20:46, Sebastien Estienne wrote:
> On Nov 21, 2007 1:48 AM, Scott Kitterman <ubuntu@kitterman.com> wrote:
> > On Tuesday 20 November 2007 17:18, Neal McBurnett wrote:
> > > I haven't really caught up over the last 18 months with what has
> > > happened in the big IETF debates about mDNS (so-called "Apple") vs
> > > LLMNR (Link-local Multicast Name Resolution - so called "Microsoft").
> > >
> > > But I haven't heard that there is anything on the road to
> > > standardization.
> > >
> > > RFC 4795 was published http://tools.ietf.org/html/rfc4795
> > > Link-Local Multicast Name Resolution (LLMNR)
> > >
> > > but that is just an "Informational" RFC, and just about anyone who is
> > > persistent enough can get one of those published.
> > >
> > > Security issues have been identified with both of them,
> > > since they let systems mess with names that look like
> > > official dns names.
> > >
> > > I find a lot of appeal to finding a good standard for simplified
> > > configuration, like zeroconf. But I think that it is a difficult
> > > thing to get right :-(
> >
> > The IESG note covers it pretty well (at least at a high level):
> >
> > IESG Note
> >
> >
> > This document was originally intended for advancement as a Proposed
> > Standard, but the IETF did not achieve consensus on the approach.
> > The document has had significant review and input. At time of
> > publication, early versions were implemented and deployed.
> >
> > The lack of consensus (anyone can search the IETF main list for the last
> > call discussion on this RFC, it was pretty extensive) was primarily over
> > whether to use the mDNS or LLMNR protocols in the .local namespace.
> > Informational or not, it's a published RFC. The distinction among
> > Informational, Experimental, and Proposed Standard is significant within
> > the IETF community, but in the wider internet world, I don't think people
> > really know or care.
>
> So neither is a standard, so zeroconf is not more or less 'breaking'
> things than ms llmnr when using .local
> And it seems that ms recommends to use .local even for unicast dns,
> and thats neither a good practice.

Yes and equally the Standards for email are RFC 821/822 and not RFC 2821/2822,
but try to operate a mail server without using the not-the-standards RFCs. As
I said, for most, standard == has an RFC. From an IETF point you are exactly
right, but most won't know or care.

> > So currently we install and enable a system using an unstandarized
> > protocol that works in the same namespace with another protocol that
> > fulfills essentially the same purpose and that protocol is at least
> > documented in an (Informational) RFC. The key point here is that the
> > IETF picked one and it isn't the one we use.
>
> First i don't see that ietf choosed one or the other, but the real question
> is: How many linux applications implement zeroconf, and how many implement
> llmnr?

No. That's not the real question IMO. The real questions are on the network.
What are the interoperability considerations in a mixed LLMNR/mDNS network?
What is the effect on the DNS root servers of the .local lookups bouncing off
of them (I've looked and every SOHO router I've tested will just ask up the
line for what any .local name should resolve to).

> > Personally, I don't like zeroconf a bit. I like to actually configure my
> > boxes before they start to talk to other boxes.
>
> So you don't need it, that's why you can disable it.
> Zeroconf is not only about setting your ip adress automatically, it's
> about making your network printer just work without having to look for
> an IP/PORT, it's about sharing music without asking an IP adress.

Yes, so fix the architectural brokenness, don't run it by default and then let's
talk.

> I totally agree that these technologies are only usefull in small
> local network (family or small business), and should/could be disable
> on servers that live in datacenters.

Put differently, it's suitable for servers not operating directly on the
internet.

> And that's why it's hard to have a default install for servers.
> My home ubuntu server it totally different from the ubuntu servers i
> run in datacenter:
> - at home one server does everything from printing, dns, dhcp, lamp
> - in the datacenter each farm of servers only do one task: apache,
> mysql, storage, etc

Yes. So I think that's a strong argument for why it should be removed.

> that's why in the datacenter i'm using something closer to
> ubuntu-minimal than the ubuntu-server CD.

I think (particularly now that we have more tasksel options) the default
vanilla Ubuntu Server install should be minimalistic. None of my servers
have avahi on them, but I think it's better to have it at least not running
and I see little point in installing it if it's not going to run.

> And that's maybe what this thread is all about:
> Having a really minimalist working install for experienced users,
> personnaly i'm using FAI for my servers, it installs ubuntu-minimal +
> kernel + the specific packages for the task, eg: mysql-server.

I'd say the core ubuntu-server install should be that minimalist install and
then less experienced users use tasksel to get what else they need.

> that's why i've never seen avahi on one of the servers i run in
> datacenters.

Me neither.

> > Additionally, they are both, IMO broken by design.
>
> How could we fix zeroconf?

The biggest issue (at least from my perspective) is the basic issue that if
you issue DNS requests to a non-mDNS aware DNS server you end up dumping
stuff onto the root DNS servers. So there needs to be a way for discovery to
occur without DNS requests.

I guess my answer is change mDNS so it doesn't use DNS (moving it off port 53
would be sufficient).

Scott K

 
Old 11-21-2007, 02:08 AM
"Sebastien Estienne"
 
Default Fwd: Server issues

On Nov 21, 2007 3:37 AM, Scott Kitterman <ubuntu@kitterman.com> wrote:
>
> On Tuesday 20 November 2007 20:46, Sebastien Estienne wrote:
> > On Nov 21, 2007 1:48 AM, Scott Kitterman <ubuntu@kitterman.com> wrote:
> > > On Tuesday 20 November 2007 17:18, Neal McBurnett wrote:
> > > > I haven't really caught up over the last 18 months with what has
> > > > happened in the big IETF debates about mDNS (so-called "Apple") vs
> > > > LLMNR (Link-local Multicast Name Resolution - so called "Microsoft").
> > > >
> > > > But I haven't heard that there is anything on the road to
> > > > standardization.
> > > >
> > > > RFC 4795 was published http://tools.ietf.org/html/rfc4795
> > > > Link-Local Multicast Name Resolution (LLMNR)
> > > >
> > > > but that is just an "Informational" RFC, and just about anyone who is
> > > > persistent enough can get one of those published.
> > > >
> > > > Security issues have been identified with both of them,
> > > > since they let systems mess with names that look like
> > > > official dns names.
> > > >
> > > > I find a lot of appeal to finding a good standard for simplified
> > > > configuration, like zeroconf. But I think that it is a difficult
> > > > thing to get right :-(
> > >
> > > The IESG note covers it pretty well (at least at a high level):
> > >
> > > IESG Note
> > >
> > >
> > > This document was originally intended for advancement as a Proposed
> > > Standard, but the IETF did not achieve consensus on the approach.
> > > The document has had significant review and input. At time of
> > > publication, early versions were implemented and deployed.
> > >
> > > The lack of consensus (anyone can search the IETF main list for the last
> > > call discussion on this RFC, it was pretty extensive) was primarily over
> > > whether to use the mDNS or LLMNR protocols in the .local namespace.
> > > Informational or not, it's a published RFC. The distinction among
> > > Informational, Experimental, and Proposed Standard is significant within
> > > the IETF community, but in the wider internet world, I don't think people
> > > really know or care.
> >
> > So neither is a standard, so zeroconf is not more or less 'breaking'
> > things than ms llmnr when using .local
> > And it seems that ms recommends to use .local even for unicast dns,
> > and thats neither a good practice.
>
> Yes and equally the Standards for email are RFC 821/822 and not RFC 2821/2822,
> but try to operate a mail server without using the not the standards RFC. As
> I said, for most, standard == has an RFC. From an IETF point you are exactly
> right, but most won't know or care.
>
> > > So currently we install and enable a system using an unstandarized
> > > protocol that works in the same namespace with another protocol that
> > > fulfills essentially the same purpose and that protocol is at least
> > > documented in an (Informational) RFC. The key point here is that the
> > > IETF picked one and it isn't the one we use.
> >
> > First i don't see that ietf choosed one or the other, but the real question
> > is: How many linux applications implement zeroconf, and how many implement
> > llmnr?
>
> No. That's not the real question IMO. The real questions are on the network.
> What are the interoperability considerations in a mixed LLMNR/mDNS network?
> What is the effect on the DNS root servers of the .local lookups bouncing off
> of them (I've looked and every SOHO router I've tested will just ask up the
> line for what any .local name should resolve to).

That has nothing to do with .local and zeroconf, if you would use .bar,
ping foo.bar would also hit the root servers.
In a zeroconf enabled network, requests on .local are only issued on
multicast port 5353 AFAIK.
Sure, if you ping foobar.local on a non-zeroconf network it will go to
root servers.

>
> > > Personally, I don't like zeroconf a bit. I like to actually configure my
> > > boxes before they start to talk to other boxes.
> >
> > So you don't need it, that's why you can disable it.
> > Zeroconf is not only about setting your ip adress automatically, it's
> > about making your network printer just work without having to look for
> > an IP/PORT, it's about sharing music without asking an IP adress.
>
> Yes, so fix the architectural brokeness, don't run it by default and then lets
> talk.

I think that many knowledgeable people discussed about the issue, and
they came up with "zeroconf".
We can say it's 'broken by design', it doesn't help and explain what
is broken about it?

>
> > I totally agree that these technologies are only usefull in small
> > local network (family or small business), and should/could be disable
> > on servers that live in datacenters.
>
> Put differently, it's suitable for servers not operating directly on the
> internet.
>

Agreed, for servers operating directly on internet you have zeroconf
wide-area, which use unicast dns, and dns-sec

> > And that's why it's hard to have a default install for servers.
> > My home ubuntu server it totally different from the ubuntu servers i
> > run in datacenter:
> > - at home one server does everything from printing, dns, dhcp, lamp
> > - in the datacenter each farm of servers only do one task: apache,
> > mysql, storage, etc
>
> Yes. So I think that's a strong argument for why it should be removed.
it's a strong argument for why it is not useful in some usecase, eg: yours.
if ubuntu-server would only contain the things that everyone needs and
nothing more, what would we have? even ubuntu-minimal is not minimal
for some of us, eg: why do we need wireless tools, wpasupplicant?!

Personally i've never used openoffice on classic ubuntu, should it be
removed from the default install?

There is no default that will fit everyone's needs, it's all about
finding a good balance to fit most people.

>
> > that's why in the datacenter i'm using something closer to
> > ubuntu-minimal than the ubuntu-server CD.
>
> I think (particulalry now that we have more tasksel options) the default
> vanilla Ubuntu Server install should be minimalistic. None of my servers
IMO, it will end up being ubuntu-minimal

> have avahi on them, but I think it's better to have it at least not running
> and I see little point in installing it if it's not going to run.
the whole zeroconf stack: mdns, ipv4ll, service-discovery could be
tasksel maybe, but it's not a service on its own, it's a dependency
for other services, eg: apache can use mdns so, when you set up a
wiki, the link automatically appears in everyone's bookmarks.

It's really useful: how many times did you set up an appliance/printer
and tried to find/remember the url to access it?

>
> > And that's maybe what this thread is all about:
> > Having a really minimalist working install for experienced users,
> > personnaly i'm using FAI for my servers, it installs ubuntu-minimal +
> > kernel + the specific packages for the task, eg: mysql-server.
>
> I'd say the core ubuntu-server install should be that minimalist install and
> then less experienced users use tasksel to get what else they need.
>

i'd say, ubuntu-server for datacenter is a totally different beast
than ubuntu-server for SMB

That's maybe why MS has many versions of its server product:
- windows server
- windows home server
- windows smb server


> > that's why i've never seen avahi on one of the servers i run in
> > datacenters.
>
> Me neither.
>
> > > Additionally, they are both, IMO broken by design.
> >
> > How could we fix zeroconf?
>
> The biggest issue (at least from my perspective) is the basic issue that if
> you issue DNS requests to a non-mDNS aware DNS server you end up dumping
> stuff onto the root DNS servers. So there needs to be a way for discovery to
> occur without DNS requests.
>
> I guess my answer is change mDNS so it doesn't use DNS (moving it off port 53
> would be sufficient).

What do you mean? it doesn't use port 53 it's using port 5353.

>
>
> Scott K
>
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



--
Sebastien Estienne

 
Old 11-21-2007, 05:28 AM
Ante Karamatić
 
Default Fwd: Server issues

On Tue, 20 Nov 2007 19:15:20 -0700
Neal McBurnett <neal@bcn.boulder.co.us> wrote:

> I don't really have a well informed opinion on the topic of zeroconf
> and/or LLMNR, despite having paid some attention to it.

It's very simple. Both technologies claim one undefined domain. And
this discussion went in wrong direction. It's not about LLMNR vs
Zeroconf. I'm arguing that *both* of them break lots of existing
networks. .local is undefined domain and thus it is used all around the
world on real DNS (like Bind) for small-medium sized local networks.
I'm sure there are people who said 'This Ubanti thing can't resolve
computers on my network, it's crap!'.

True, naming local networks as .local, which is undefined, is not good
practice, but ignoring the fact that people did this before
LLMNR/Zeroconf is much bigger mistake. This isn't Ubuntu's problem and
there is nothing that Ubuntu can do, except (stop) supporting one of the
'wannabe' standards.

Someone mentioned SuSE. Yes, they are 'broken' for years, do we want
that too? I can't imagine how it would look like to have Mac, SuSE,
Ubuntu and Window2k3 in a domain that ends with .local.

 
Old 11-21-2007, 06:04 AM
Neal McBurnett
 
Default Fwd: Server issues

On Wed, Nov 21, 2007 at 07:28:01AM +0100, Ante Karamatić wrote:
> On Tue, 20 Nov 2007 19:15:20 -0700
> Neal McBurnett <neal@bcn.boulder.co.us> wrote:
>
> > I don't really have a well informed opinion on the topic of zeroconf
> > and/or LLMNR, despite having paid some attention to it.
>
> It's very simple. Both technologies claim one undefined domain. And
> this discussion went in wrong direction. It's not about LLMNR vs
> Zeroconf. I'm arguing that *both* of them brake lots of existing
> networks. .local is undefined domain and thus it is used all around the
> world on real DNS (like Bind) for small-medium sized local networks.

Again, I haven't studied the details, but I have read enough to know
that, despite some claims here to the contrary, this is not true for
LLMNR. ".local" appears nowhere in RFC 4795
http://tools.ietf.org/html/rfc4795

I think it can be configured to use .local or any other domain, but it
doesn't do it by default, and it does talk about the need to acquire
the necessary rights in dns. I've also heard that it was considered
by some to pose a security risk, perhaps for this very
configurability.

Neal McBurnett http://mcburnett.org/neal/

 
Old 11-21-2007, 06:37 AM
Neal McBurnett
 
Default Fwd: Server issues

On Wed, Nov 21, 2007 at 12:04:55AM -0700, Neal McBurnett wrote:
> On Wed, Nov 21, 2007 at 07:28:01AM +0100, Ante Karamatić wrote:
> > On Tue, 20 Nov 2007 19:15:20 -0700
> > Neal McBurnett <neal@bcn.boulder.co.us> wrote:
> >
> > > I don't really have a well informed opinion on the topic of zeroconf
> > > and/or LLMNR, despite having paid some attention to it.
> >
> > It's very simple. Both technologies claim one undefined domain. And
> > this discussion went in wrong direction. It's not about LLMNR vs
> > Zeroconf. I'm arguing that *both* of them brake lots of existing
> > networks. .local is undefined domain and thus it is used all around the
> > world on real DNS (like Bind) for small-medium sized local networks.
>
> Again, I haven't studied the details, but I have read enough to know
> that, despite some claims here to the contrary, this is not true for
> LLMNR. ".local" appears nowhere in RFC 4795
> http://tools.ietf.org/html/rfc4795

And also note that I know this is still mostly beside the point :-)
And that avahi does have .local problems, at least some of which are
documented by Avahi here:

http://avahi.org/wiki/AvahiAndUnicastDotLocal

If Avahi and nss-mdns is installed properly a machine does not
contact a unicast DNS server when resolving names from the .local
domain, thus the unicast DNS domain .local becomes unreachable.

Also I've seen, as reported here, that Microsoft is giving bogus
advice on using .local. And of course all of that is a problem for
avahi and for Microsoft customers....

-Neal

 
Old 11-21-2007, 08:52 PM
Neal McBurnett
 
Default Fwd: Server issues

On Wed, Nov 21, 2007 at 12:37:25AM -0700, Neal McBurnett wrote:
> And that avahi does have .local problems, at least some of which are
> documented by Avahi here:
>
> http://avahi.org/wiki/AvahiAndUnicastDotLocal
>
> If Avahi and nss-mdns is installed properly a machine does not
> contact a unicast DNS server when resolving names from the .local
> domain, thus the unicast DNS domain .local becomes unreachable.

There is a forum thread that started with a query about why Avahi was
refusing to run on startup:

* Starting Avahi mDNS/DNS-SD Daemon: avahi-daemon
* avahi-daemon disabled because there is a unicast .local domain

and we haven't talked much about that aspect of it here. I guess this
is an outgrowth of the Mountain View discussion about avahi and

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393711

I guess that doesn't cover ivoks' vpn use case though, which is
relatively thorny I'd think.

> Also I've seen, as reported here, that Microsoft is giving bogus
> advice on using .local. And of course all of that is a problem for
> avahi and for Microsoft customers....

The problem seems more widespread. There is a report on that same
forum thread from an ubuntu user who has a D-Link dl-624+ router,
which apparently defines a ".local" domain by default, and lets folks
change that name if they like. By post #11 the thread gets to the
root cause (the D-Link) for one user:

http://ubuntuforums.org/showthread.php?p=3814101

Neal McBurnett http://mcburnett.org/neal/
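
The behaviour quoted from the Avahi wiki in this thread (with nss-mdns in place, .local names never reach unicast DNS) is decided by the `hosts:` line of /etc/nsswitch.conf. The following is an added example, not part of the thread and not Avahi or Ubuntu code: a Python check that reports which resolvers a .local lookup reaches and flags a unicast .local search domain that becomes unreachable. The sample file contents, function names and verdict labels are constructed for illustration.

```python
import re

# NSS modules shipped by nss-mdns; all of them answer *.local over multicast.
MDNS_MODULES = {"mdns", "mdns4", "mdns6",
                "mdns_minimal", "mdns4_minimal", "mdns6_minimal"}


def parse_hosts_line(nsswitch_text):
    """Return [(source, {STATUS: action}), ...] from the 'hosts:' line."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if tok.startswith("["):
                if not sources:
                    continue  # action list with no preceding source
                # [NOTFOUND=return ...] applies to the source just before it
                for item in tok[1:-1].split():
                    status, _, action = item.partition("=")
                    sources[-1][1][status.upper()] = action.lower()
            else:
                sources.append((tok, {}))
        return sources
    return []


def unicast_local_domains(resolv_text):
    """Domains on 'search'/'domain' lines that are, or end in, .local."""
    found = []
    for raw in resolv_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0] in ("search", "domain"):
            for dom in fields[1:]:
                dom = dom.rstrip(".").lower()
                if dom == "local" or dom.endswith(".local"):
                    found.append(dom)
    return found


def audit_dot_local(nsswitch_text, resolv_text):
    """Model a lookup of a *.local name that no earlier source knows about."""
    path = []  # resolvers that get to see the query, in order
    for name, actions in parse_hosts_line(nsswitch_text):
        if name in MDNS_MODULES or name == "dns":
            path.append(name)
        # Assumption: the name is not found here, so NOTFOUND=return ends
        # the lookup and later sources are never consulted.
        if actions.get("NOTFOUND") == "return":
            break
    uses_mdns = any(s in MDNS_MODULES for s in path)
    uses_dns = "dns" in path
    if uses_mdns and uses_dns:
        verdict = "unicast-first" if path[0] == "dns" else "mdns-first"
    elif uses_mdns:
        verdict = "mdns-only"
    elif uses_dns:
        verdict = "unicast-only"
    else:
        verdict = "unresolvable"
    domains = unicast_local_domains(resolv_text)
    return {
        "path": path,
        "verdict": verdict,
        "unicast_local_domains": domains,
        # site uses a unicast .local zone that this host can no longer query
        "conflict": verdict == "mdns-only" and bool(domains),
        # .local queries leave the link towards the configured resolver
        "reaches_unicast_dns": uses_dns,
    }


# Constructed sample configurations (not taken from any real host).
NSS_MDNS = "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
NSS_PLAIN = "# no nss-mdns installed\nhosts: files dns\n"
RESOLV_SITE = "search corp.local\nnameserver 192.0.2.53\n"
RESOLV_HOME = "search example.net\nnameserver 192.0.2.1\n"

if __name__ == "__main__":
    for nss, resolv in ((NSS_MDNS, RESOLV_SITE), (NSS_PLAIN, RESOLV_SITE),
                        (NSS_MDNS, RESOLV_HOME)):
        print(audit_dot_local(nss, resolv))
```
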

 
