[Swan] This clearly denotes bugs
Paul Wouters
paul at nohats.ca
Mon Jan 7 00:01:20 EET 2013
On Sun, 6 Jan 2013, Philippe Vouters wrote:
> Explanation thanks to Wireshark:
> The unbound library does not use at all the information in /etc/resolv.conf but queries fixed known DNS servers (namely
> <letter>.root-servers.net computers). It ends up in the second successful case into dyndns.com returning the public IP address of
> my DSL box. Provided the unbound library had queried using the information in /etc/resolv.conf, it would have returned my computer IP
> address inside my home network.
Odd, we are supposed to look up /etc/hosts and use /etc/resolv.conf:
lib/libswan/unbound.c:
int unbound_init(struct ub_ctx *dnsctx)
[...]
        /* lookup from /etc/hosts before DNS lookups as people expect that */
        if( (ugh=ub_ctx_hosts(dnsctx, "/etc/hosts")) != 0) {
                libreswan_log("error reading hosts: %s: %s\n",
                        ub_strerror(ugh), strerror(errno));
                return 0;
        }
        DBG(DBG_DNS, DBG_log("/etc/hosts lookups activated\n"));
        /*
         * Use /etc/resolv.conf as forwarding cache - we expect people
         * to reconfigure this
         * file if they need to work around DHCP DNS obtained servers
         */
        if( (ugh=ub_ctx_resolvconf(dnsctx, "/etc/resolv.conf")) != 0) {
                libreswan_log("error reading resolv.conf: %s: %s\n",
                        ub_strerror(ugh), strerror(errno));
                return 0;
        }
        DBG(DBG_DNS, DBG_log("/etc/resolv.conf usage activated\n"));
Paul