Comment 2 for bug 1854976

ghomem (gustavo) wrote :

Hi,

I work with Jose Manuel Santamaria Lema.

Thank you for taking your time to review.

Perhaps we should be a little cautious in regard to what we call "normal" and "reasonable". During the last 20+ years of Linux, people were able to do "host -l" against servers that were configured to allow it - for example internal name servers that are authoritative for local (LAN related) domains - directly using the local resolver.

I would call the ability to do such queries "normal" and "reasonable" because it has been common practice during the last 20+ years. Yesterday was the first time that I have seen the possibility of such queries not working (20.04 early builds). Linus Torvalds usually says "we don't break user space" when changes in the kernel cause problems on user space applications that have certain expectations regarding how the kernel behaves, because tradition is some kind of jurisprudence. I feel this is kind of the same situation.

Apart from common practice we could think of other criteria for deciding this. For example, what the RFCs say. I am by no means a DNS authority - please feel free to correct me if I am wrong. Digging a little bit I found this:

----

   An AXFR query is sent by a client whenever there is a reason to ask.
   This might be because of scheduled or triggered zone maintenance
   activities (see Section 4.3.5 of RFC 1034 and DNS NOTIFY [RFC1996],
   respectively) or as a result of a command line request, say for
   debugging.

----

Note that it mentions debugging and that Ubuntu users are not the average computer "end users" but often a more technical crowd that uses computers to configure and debug. Also, the document refers to "resolvers and servers" and doesn't say AXFR queries are exclusive to authoritative servers.

In that context, it does not seem like an accident that it worked with dnsmasq - it seems that dnsmasq implemented the feature, like bind and others do.

Reference:

https://tools.ietf.org/html/rfc5936

Lastly, I would say that the decision whether or not to downgrade the local resolver should come from Ubuntu, rather than systemd. This might not be an "end of the world" situation but still it is a regression that should be assessed, with gains and losses from the resolver change fairly weighed.

Thank you,