How to disable DNS lookups?

Henry B (Hank) Hotz, CISSP hbhotz at oxy.edu
Wed Jul 26 03:14:36 CEST 2017


I’m with Russ on this one, too. I’ve done /etc/hosts based deployments for robustness against DNS-failure scenarios.

POSIX getaddrinfo() does not require DNS. It’s an interface to the system and whatever it uses. The system should be configurable to use whatever name resolution is appropriate with as little surprise as possible.

> On Jul 25, 2017, at 11:58 AM, Roland C. Dowdeswell <Roland.Dowdeswell at twosigma.com> wrote:
> 
> On Tue, Jul 25, 2017 at 08:45:44AM -0700, Russ Allbery wrote:
>> "Roland C. Dowdeswell" <Roland.Dowdeswell at twosigma.com> writes:
>> 
>>> In the longer term, we should likely stop using getaddrinfo(3) for names
>>> obtained from DNS SRV RRs and directly query DNS for them as this matches
>>> expectations.  That is: you wouldn't expect that if you find
>> 
>>> _kerberos._udp.my.realm	IN SRV 0 0 88 foo.my.realm
>> 
>>> that an entry for foo.my.realm in /etc/hosts would then override the
>>> DNS for it.
>> 
>> Eh?  I *absolutely* would expect that and would consider it a bug if it
>> did not.  It is incredibly useful for testing to be able to temporarily
>> override the IP address of a host in /etc/hosts, and I expect all software
>> to honor that.
> 
> SRV RRs are essentially a generalisation of CNAMEs or perhaps MX records.
> It is counter-intuitive to expect that /etc/hosts will interpose in the
> middle of a lookup.

. . .


Personal email.  hbhotz at oxy.edu
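
Added example, not part of the original message or of Heimdal: a check for whether getaddrinfo() can reach DNS at all on a host, and whether /etc/hosts is consulted first. It assumes a system whose resolver order is set by a glibc-style nsswitch.conf "hosts:" line; the function name and both sample configurations are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples in nsswitch.conf syntax (not from the post). */
static const char FILES_ONLY[] =
    "# constructed sample\n"
    "passwd: files\n"
    "hosts:  files   # no dns here: lookups stay on the local machine\n";
static const char FILES_THEN_DNS[] =
    "hosts: files [NOTFOUND=continue UNAVAIL=continue] dns\n";

/* 0-based position of `source` on the "hosts:" line, or -1 if it is not
 * listed. Comments and [STATUS=action] items are not counted as sources. */
int hosts_source_index(const char *conf, const char *source)
{
    const char *p = conf;
    while (p && *p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[256];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = eol ? eol + 1 : NULL;
        char *hash = strchr(line, '#');
        if (hash) *hash = '\0';                 /* strip trailing comment */
        char *s = line;
        while (isspace((unsigned char)*s)) s++;
        if (strncmp(s, "hosts:", 6) != 0) continue;
        int idx = 0, in_action = 0;
        for (char *t = strtok(s + 6, " \t"); t; t = strtok(NULL, " \t")) {
            if (t[0] == '[') in_action = 1;     /* [STATUS=action ...] */
            if (in_action) { if (strchr(t, ']')) in_action = 0; continue; }
            if (strcmp(t, source) == 0) return idx;
            idx++;
        }
        return -1;
    }
    return -1;
}

int main(void)
{
    printf("files-only: dns at %d; files-then-dns: dns at %d\n",
           hosts_source_index(FILES_ONLY, "dns"),
           hosts_source_index(FILES_THEN_DNS, "dns"));
    return 0;
}
```

A result of -1 for "dns" means name lookups made through getaddrinfo() never leave the machine; "files" at a lower index than "dns" means an /etc/hosts entry is consulted before DNS.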





More information about the Heimdal-discuss mailing list