[Pkg-utopia-maintainers] Bug#388864: Stop! Wait!

Lennart Poettering mzqrovna at 0pointer.de
Mon Oct 16 20:37:36 UTC 2006 

On Mon, 16.10.06 12:06, Anand Kumria (wildfire at progsoc.org) wrote:

> >First, please use "mdns4" and "mdns4_minimal" modules instead of
> >"mdns" and "mdns_minimal". Why? Because many broken programs (one of
> 
> Lennart's suggestions break network setups.

We had this discussion before. I guess we agree to disagree on the way
the default configuration for nss-mdns should look like.

Yes, the configuration line I suggest fully breaks in already-broken
setups. The line you suggest is broken, too, however in a different
way: it sort-of works in more situations than my solution, however it
slows down things for *everyone*, adds security problems and as has a
few other drawbacks.

As it happens I am quite a mDNS/DNS-SD guy. Perhaps only Marc
Krochmal and Stuart Ceshire from Apple - who originally designed
mDNS/DNS-SD - know the Zeroconf protocols better than I do. I wrote
both nss-mdns and Avahi. And I am currently working on pushing mDNS to
the next level, adapting it for large mesh networks for usage in OLPC,
making it better scalable.

All three of us - me, and the two Apple guys - came to exactly the
same solution for the problems we are discussing here: make mDNS
authoritative in .local by default, but allow people to change that
behaviour manually if they really need and want to.

Apple's take on this can be found here:

http://docs.info.apple.com/article.html?artnum=107800

Please, leave the line I suggested as the default, and document how to
disable it. That's the way Apple implemented it in MacOSX and that's
exactly how we should do it. Everything else is *much worse*!

That behaviour i propose is well known to administrators from
MacOSX. Inventing a new broken hehaviour which is fucked up in a
different way will probably annoy administrators even more.

If you still insist to use your broken line, then at least I hope that
Ubuntu will fork the package and adopt my line. 

> Network A: perfectly setup zeroconf network.
> 
> Network B: badly setup corporate site, which uses .local as the last
> part of zonecut. That is, resources have names like
> mailserver.corporate.local
> 
> Lennart's "solution" (in a private email exchange) was to have the
> user install/uninstall libnss-mdns as required.

"disable in the configuration" is an alternative to "uninstall".

> Let's make network B a, say, public wireless access point.

"public wireless access points" are usually not connected to a
business network which might a .local unicast dns server.

> You can't know - in advance - whether or not any particular network is
> setup correctly.

Sure you don't. But that's not exactly new. MacOSX - which includes
Bonjour support - has been around for quite a while. The market share
of MacOSX is (unfortunately) still much higher than the share of Linux
desktop machines. If administrators learned to live with the behaviour
MacOSX exposes (and has exposed in the last five years) regarding
.local, it shouldn't be to difficult to get them to live with Debian
exposing the same behaviour.
 
> >Unfortunately do neither Avahi nor Apple Bonjour register both ipv6
> >and ipv4 addresses by default.
> 
> Incorrect. Apple register zeroconf entries with both A and AAAA
> records. Check the bonjour-dev mailing list. From memory, I started a
> thread about this issue.

The last time I looked this was not the behaviour I experienced.

But perhaps they changed that in the latest releases of
MacOSX. Unfortunately I don't own any MacOSX machines, so that I could
check this. 

> >The ideal line has to look like this:
> >
> >  hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
> 
> Wrong. Breaks interoperability.

Not wrong! Just breaks in already-broken setups.

> >I strongly suggest following this advice of mine. To my knowledge this
> >line is nearly "optimal". I know that Anand Kumria doesn't really
> >follow me in my argumentation and added some misleading documentation
> >to README.Debian. However, I am very unhappy with this situation.
> 
> The documentation is not misleading. You are simply misinformed about
> this, and despite my repeated efforts, do not appear to understand the
> problem.

Oh, come on!

"Misinformed"??? I'll take that as irony.

Did I get this right? The Apple guys and the Avahi guy is wrong,
but you are the one who's right? Oh, man!

Wake up!

> >Yes, it is a pity that we cannot add proper out-of-the-box support for
> >IPv6 to our zeroconf stack. But humm, that's the situation we have to
> >deal with.
> 
> No - avahi could register each name with both A and AAAA records. I
> haven't checked whether it does or does not. If not, I'd argue it is a
> bug.

I wouldn't argue that this is a "bug", but anyway, patches are welcome!

I initially copied mDNSResponder's (in a version that was current when
I started to work on Avahi) behaviour on this. If modern MacOSX
really behave differently, it might make sense to follow their lead on
this. 

Even when we add this behaviour to Avahi I am still not convinced that
using "mdns" instead of "mdns4" as default is a good idea *now*. There
are still too many mDNSResponders and HOWLs - and of course old Avahi
installations - around. Please be patient with this! The first step
should be to get all servers to register IPv6 addresses by default,
and the second step should be to get the clients upgraded as well. Not
the other way round.

I now filed a ticket on avahi.org:

http://avahi.org/ticket/62

Lennart

-- 
Lennart Poettering; lennart [at] poettering [dot] net
ICQ# 11060553; GPG 0x1A015CC4; http://0pointer.net/lennart/

More information about the Pkg-utopia-maintainers mailing list