[dns-operations] systemd resolved ignores specified root
Fred Morris
m3047 at m3047.net
Thu Sep 17 00:51:36 UTC 2020
On Thu, 17 Sep 2020, Mark Andrews wrote:
>> On 17 Sep 2020, at 08:36, Derek Wilson <jderekwilson at gmail.com> wrote:
> [...]
> Trailing dot is UI not wire.
I agree with you Mark, as does Eastlake (RFC 6066). ;-)
>>> the common BIND8/BIND4/BSD client library also uses a trailing dot as a signal;
>>> the signal is "do a query of the input string first, before trying the search
>>> list". this is both weak and confusing, but it's the signal path we had.
>>
>> That behavior makes sense to me but maybe that's because it's what I'm used to.
>
> Actually if the name ends in a period, the name is tried “as is” and the search list
> is NOT applied.
I haven't read the systemd thread yet, so I apologize. Mark knows what I
am about to tell you: this is actually at the heart of a Firefox + Apache
TLS bug. Contrast:
http://apache.org./
and
https://apache.org./
Mind you, the latter behavior is the /fix/ the original (apache) behavior
was much worse. Firefox just does what it wants to do.
> Interior periods are tried “as is” first then with the search list.
> Dotless names are tried with the search list then as is.
Browser fetish for "search and URL in the same box" muddies this quite a
bit.
--
Fred Morris
More information about the dns-operations
mailing list