From: Phillip Hellewell
Date: Tue, 13 Nov 2018 04:50:00 -0000
Subject: Re: RFC 6724
To: fweimer@redhat.com
Cc: libc-help@sourceware.org

On Mon, Nov 12, 2018 at 10:43 AM Florian Weimer wrote:
>
> If you can edit /etc/gai.conf, you can install Unbound or dnsmasq, too.

Installing and configuring a DNS server is quite a bit more involved
than editing gai.conf.

> Do you have another example that does not involve sorting merely by
> protocol? Something that you have encountered personally?

My personal example is slightly more complex, but is still related to
sorting by protocol.

I have dual-stack at home, and my IPv6 router advertisements also
include a ULA prefix. So every machine on my network has at least a
192.168.8.x IPv4 address and an IPv6 address with my ULA prefix. My
DNS is set up to return both (in no particular order).

I was just noticing what it shows for "Last login" when ssh-ing into
my server and also what it shows by default when I ping a machine.
Interestingly, the results differ when pinging from Linux vs Windows.
From Linux it chooses the IPv6 ULA address, but from Windows it
chooses the IPv4 private address for the destination host.

I tracked down the reason for the difference to the prefix policy
table. Linux adheres to the older RFC 3484, whereas Windows uses RFC
6724.

I was surprised to see Windows ahead of Linux in adhering to IPv6
standards. But the strangest part about all this is that the older
standard actually gives more appropriate results in this case, since
IPv6 ought to be preferred over IPv4 when choosing between equally
valid and useful addresses.

That's why, in conjunction with my suggestion to update to the RFC 6724
policy, I also brought up the idea of adding the rules for private
IPv4 prefixes so that IPv6 ULA will be preferred over them. To be
honest, unless those rules are included I would prefer glibc be left
alone, because in my opinion the slight improvements are not worth it
unless that drawback is addressed.

> To be honest, I don't see any other way to get full RFC 6724 support
> because the RFC requires various things for which I do not see direct
> kernel support.

I'm not sure what exactly you are referring to in RFC 6724 that the
kernel doesn't support, but I was just focused on updating the
precedence rules. I'm assuming those could be updated to include nine
rules from RFC 6724 rather than five rules from RFC 3484.

> If we disable or limit sorting in glibc, at least you will be able to
> get RFC 6724 support with a suitable NSS service module or caching DNS
> server.

I'm in favor of adding the ability to disable sorting, as long as it
is just an option and it's not that way by default. I can't imagine
how many things might break if this were disabled.

Phillip
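
An added example, not part of the original message and not glibc code: the default policy tables of RFC 3484 and RFC 6724, looked up by longest prefix match, reproduce the Linux/Windows difference described above for a ULA and a private IPv4 destination. Assumptions: the two sample addresses are constructed, only the precedence rule is modelled (the earlier rules are taken to tie), and the `PROPOSED` row with its precedence value is hypothetical, standing in for the "rules for private IPv4 prefixes" idea.

```python
import ipaddress

# Default policy tables as (prefix, precedence, label) from each RFC.
RFC3484 = [("::1/128", 50, 0), ("::/0", 40, 1), ("2002::/16", 30, 2),
           ("::/96", 20, 3), ("::ffff:0:0/96", 10, 4)]
RFC6724 = [("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
           ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
           ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12)]
# Hypothetical extra row (values are assumptions, not from any RFC or glibc):
# rank 192.168.0.0/16 below the ULA precedence of 3.
PROPOSED = RFC6724 + [("::ffff:c0a8:0/112", 2, 4)]

# Constructed sample destinations for one dual-stack host.
ULA = "fd12:3456:789a::10"
V4 = "192.168.8.10"

def to_v6(addr):
    """Parse an address; IPv4 is looked up as IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip

def lookup(table, addr):
    """Longest-prefix match in a policy table -> (precedence, label)."""
    ip = to_v6(addr)
    rows = [(ipaddress.ip_network(p), prec, label) for p, prec, label in table]
    net, prec, label = max((r for r in rows if ip in r[0]),
                           key=lambda r: r[0].prefixlen)
    return prec, label

def prefer(table, candidates):
    """Order destinations by precedence only, highest first.

    Assumes the earlier rules (reachability, scope, matching label) tie.
    """
    return sorted(candidates, key=lambda a: lookup(table, a)[0], reverse=True)

if __name__ == "__main__":
    for name, table in (("RFC 3484", RFC3484), ("RFC 6724", RFC6724),
                        ("RFC 6724 + private IPv4 row", PROPOSED)):
        print(name, "->", prefer(table, [V4, ULA]))
```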