Bug 2006761 - RFE: systemd-resolved: add a way to disable synthetic RR generation
Summary: RFE: systemd-resolved: add a way to disable synthetic RR generation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 2006762
Reported: 2021-09-22 11:04 UTC by François Cami
Modified: 2021-12-20 19:33 UTC (History)

Fixed In Version: systemd-250~rc3-1.fc36
Doc Text:
Clone Of:
: 2006762
Environment:
Last Closed: 2021-12-20 19:33:19 UTC
Type: Bug
Embargoed:



Description François Cami 2021-09-22 11:04:19 UTC
Description of problem:

systemd-resolved always (reverse)-resolves the host's IP addresses and FQDN.
This can be harmful when an application (for instance, a DNS zone manager) is installed on the same server instance.
That application would expect NXDOMAIN to be returned if the current server's IP does not belong in an already managed reverse zone.

More details:
https://lists.freedesktop.org/archives/systemd-devel/2021-September/046856.html


How reproducible:

Always, see list post.



Expected results:

Being able to disable the generation of synthetic RRs.


Additional info:

The workarounds described in the mailing-list all imply changing the application in a more or less intrusive or fragile way. Being able to change resolved's behavior in its configuration file would be much more efficient.

Comment 1 Zbigniew Jędrzejewski-Szmek 2021-12-14 18:16:12 UTC
resolvectl query has --synthesize=no that filters out synthesized names.
This is implemented via flags in the D-Bus API: the SD_RESOLVED_NO_SYNTHESIZE flag
to org.freedesktop.resolve1.Manager.ResolveHostname() and
org.freedesktop.resolve1.Manager.ResolveAddress().

I guess we could add a flag to disable this in nss-resolve. Will this work
for you?
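
One way to tell whether a reverse lookup is answered only by synthesis, using the flag described in Comment 1 (an added example, not part of the bug report or of systemd's code): it calls ResolveAddress() through busctl twice, once with SD_RESOLVED_NO_SYNTHESIZE set, and compares the outcomes. The flag value 1 << 11, the helper names and the result labels are assumptions of this example.

```python
import ipaddress
import shutil
import subprocess
import sys

# Value of the flag named in Comment 1, as listed for the resolve1 D-Bus API
# (assumption of this example: 1 << 11).
SD_RESOLVED_NO_SYNTHESIZE = 1 << 11

DEST = "org.freedesktop.resolve1"
PATH = "/org/freedesktop/resolve1"
IFACE = "org.freedesktop.resolve1.Manager"
AF = {4: 2, 6: 10}  # Linux AF_INET / AF_INET6 numbers


def resolve_address_cmd(ip, synthesize):
    """busctl argv for ResolveAddress(ifindex, family, address, flags)."""
    addr = ipaddress.ip_address(ip)
    raw = [str(b) for b in addr.packed]  # 'ay' is passed as: count, then bytes
    flags = 0 if synthesize else SD_RESOLVED_NO_SYNTHESIZE
    return ["busctl", "call", DEST, PATH, IFACE, "ResolveAddress", "iiayt",
            "0", str(AF[addr.version]), str(len(raw)), *raw, str(flags)]


def classify(default_ok, no_synth_ok):
    """Interpret the two lookups; True means the call returned a name."""
    if default_ok and not no_synth_ok:
        return "synthetic-only"  # the name exists only because resolved made it
    if default_ok and no_synth_ok:
        return "not-synthetic"   # still answered with synthesis switched off
    if no_synth_ok:
        return "inconsistent"    # should not happen; rerun the check
    return "no-answer"           # NXDOMAIN, or resolved could not be reached


def check(ip, run=subprocess.run):
    """Query twice; `run` is injectable so the logic can be tested offline."""
    ok = [run(resolve_address_cmd(ip, synth), capture_output=True).returncode == 0
          for synth in (True, False)]
    return classify(*ok)


if __name__ == "__main__":
    if shutil.which("busctl") is None:
        sys.exit("busctl not found; is systemd installed?")
    for ip in sys.argv[1:]:
        print(ip, check(ip))
```

A result of `synthetic-only` for one of the host's own addresses is the case the report describes, where an application expecting NXDOMAIN gets a name back instead.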

Comment 2 François Cami 2021-12-14 18:38:31 UTC
Hi!
Thanks for the reply. I guess I'll defer to Antonio, as I am not in FreeIPA
anymore.

Comment 3 Antonio Torres 2021-12-20 10:17:55 UTC
Hi!

I'd say that solution would work fine for this issue.

Thanks!

Comment 4 Zbigniew Jędrzejewski-Szmek 2021-12-20 13:29:52 UTC
https://github.com/systemd/systemd/pull/21836

Comment 5 Fedora Update System 2021-12-20 19:31:03 UTC
FEDORA-2021-08a8cf576c has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2021-08a8cf576c

Comment 6 Fedora Update System 2021-12-20 19:33:19 UTC
FEDORA-2021-08a8cf576c has been pushed to the Fedora 36 stable repository.
If the problem still persists, please make note of it in this bug report.

