DNS Mischief

C. Scott Ananian cscott at cscott.net
Wed Jul 8 19:45:16 EDT 2009

On Sun, Jul 5, 2009 at 8:36 PM, Michael Stone<michael at laptop.org> wrote:
>  d) rewrite as an NSS module?
>  e) rewrite in an external DNS resolver?

Either of these would make it much easier to play with your patch,
eliminating the whole "now recompile your C library from scratch"
step. ;-)  (d) would be the cleanest, and the code involved ought to
be quite short.  With (e) you could make the names available to other
machines our your local network, which could be cute (or awful, as you

Network-disconnection issues also bear thinking about -- if you use a
local IPv6 address for a local resource, can you handle its migration
to the "real" network later as it roams off the mesh?  (It might be
easiest to handle this as a clean disconnect/reconnect rather than
going down the "mobile IP" path.)

Thanks for running with this idea, Michael!  (Although wearing my
security hat I'd have to caution that MD5 has been deprecated for 13
years now, and even SHA1 is "not recommended for new use" .  Use
http://www.ouah.org/ogay/sha2/ -- it's just two files to add, tomcrypt
not required.)

(Ob code review: I think you just want to fabricate a new link-local
address entry based on the hash, rather than cloning and altering the
existing LL address.  Link-local addresses have the prefix fe80::/64,
with the lower 64 bits constructed from the first 64 bits of
SHA256(hostname).  You also should probably make sure that the
hostname you're hashing is the full canonical host name, ie
"cscott.skiffserv.dyndns.org." (note trailing dot) not "cscott" or
"cscott.skiffserv" or some other abbreviation.  You just need to
confirm where you fit into the "search domain" feature of resolv.conf,
esp since all of the "searched domains" will yield valid addresses.
You really want to disable 'search-domain' for this
link-local-resolution, since search-domain is really meant as a
human-typing aid, not for machine use.)

                         ( http://cscott.net/ )

More information about the Devel mailing list