Bug 2006761

Summary: RFE: systemd-resolved: add a way to disable synthetic RR generation
Product: [Fedora] Fedora Reporter: François Cami <fcami>
Component: systemdAssignee: systemd-maint
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: antorres, fedoraproject, filbranden, flepied, kasong, lnykryn, msekleta, ssahani, s, systemd-maint, yuwatana, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: systemd-250~rc3-1.fc36 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2006762 (view as bug list) Environment:
Last Closed: 2021-12-20 19:33:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2006762    

Description François Cami 2021-09-22 11:04:19 UTC 
Description of problem:

systemd-resolved always (reverse)-resolves the host's IP addresses and FQDN.
This can be harmful when an application (for instance, a DNS zone manager) is installed on the same server instance.
That application would expect NXDOMAIN to be returned if the current server's IP does not belong in an already managed reverse zone.

More details:
https://lists.freedesktop.org/archives/systemd-devel/2021-September/046856.html


How reproducible:

Always, see list post.



Expected results:

Being able to disable the generation of synthetic RRs.


Additional info:

The workarounds described in the mailing-list all imply changing the application in a more or less intrusive or fragile way. Being able to change resolved's behavior in its configuration file would be much more efficient.
Comment 1 Zbigniew Jędrzejewski-Szmek 2021-12-14 18:16:12 UTC 
resolvectl query has --synthesize=no that filters out synthesized names.
This is implemented via flags in the dbus api, SD_RESOLVED_NO_SYNTHESIZE flag
to org.freedesktop.resolve1.Manager.ResolveHostname(),
org.freedesktop.resolve1.Manager.ResolveAddress().

I guess we could add flag to disable this in nss-resolve. Will this work
for you?
Comment 2 François Cami 2021-12-14 18:38:31 UTC 
Hi!
Thanks for the reply. I guess I'll defer to Antonio, as I am not in FreeIPA
anymore.
Comment 3 Antonio Torres 2021-12-20 10:17:55 UTC 
Hi!

I'd say that solution would work fine for this issue.

Thanks!
Comment 4 Zbigniew Jędrzejewski-Szmek 2021-12-20 13:29:52 UTC 
https://github.com/systemd/systemd/pull/21836
Comment 5 Fedora Update System 2021-12-20 19:31:03 UTC 
FEDORA-2021-08a8cf576c has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2021-08a8cf576c
Comment 6 Fedora Update System 2021-12-20 19:33:19 UTC 
FEDORA-2021-08a8cf576c has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.