[Sugar-devel] Notes on service discovery XS/XO

david at lang.hm david at lang.hm
Tue Apr 21 20:46:13 EDT 2009


On Tue, 21 Apr 2009, Martin Langhoff wrote:

> On Tue, Apr 21, 2009 at 2:05 AM,  <david at lang.hm> wrote:
>> my initial reaction to this is that it's going to look to the client exactly
>> the same as a bad guy trying to poison DNS by sending unasked for responses,
>> how do the clients tell the difference?
>
> They can't. That's how DNS works. Lots of ink have flowed on that very
> topic. I'm not interested in bikeshedding, I'm interesting in using
> DNS smartly, and in getting help to get it done.

if the client can't tell the difference between what you are doing and 
what the bad guys are doing, the client has no choice but to ignore any 
unexpected responses, as they may be bogus.

I believe this is exactly what has been done over the last few years in 
the DNS server/DNS cache software. they used to accept extra responses 
like you are trying to make, but nowdays they don't.

implementing something that is on it's way out (due to it becoming a 
security problem) is not a smart thing to do.

>> also note that this will require that you run some sort of DNS cache on the
>
> The standard dns resolver libs on linux (part of glibc?) caches
> alright. All platforms I know cache things alright, and it's fairly
> serious bug if your OS doesn't.

actually they don't. you can run a DNS cache on your machine (and many 
distros do by default), but it's not part of the default resolver.

>> take a look at packetfence. it does exactly that job today, for free, on
>> linux (among other platforms)
>
> Doesn't look like a fit for the XS, did you look at it?

I'm reasonably familiar with packetfence, I don't know the full 
requirements that you have for the XS, but your short description sounded 
like the job that it does (summarized as a hotel-like access control)

> Weird. I do have some things to build, but everyone ignores them and
> keeps bikeshedding.
>
> Code talks, peoples.

you are free to ignore comments, and existing tools, but if that's what 
you want, why post here, just write the tools and then we'll identify that 
you have recreated the wheel.

David Lang



More information about the Devel mailing list