[7992] in testers


Re: odd problem with domain resolution on Athena 10

daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Fri Apr 3 18:07:44 2009

Date: Fri, 3 Apr 2009 18:07:14 -0400 (EDT)
From: Anders Kaseorg <andersk@MIT.EDU>
To: Alex T Prengel <alexp@mit.edu>
cc: testers@mit.edu, debathena@mit.edu
In-Reply-To: <200904032103.n33L3AqH015042@dit.mit.edu>
Message-ID: <alpine.DEB.2.00.0904031758120.6942@vinegar-pot.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: 8bit

On Fri, 3 Apr 2009, Alex T Prengel wrote:
> >> 127.0.1.1     zippy zippy.mit.edu
> >> is denied, but
> >> 127.0.1.1     zippy.mit.edu
> >> is allowed.
> 
> >This probably happens because `hostname -i` will be 127.0.1.1 in the
> >former case, but 18.142.4.128 in the latter case.  So this is another
> >manifestation of the known problem with 127.0.1.1.
> 
> Thanks for the information; we really need to solve the problem though; do
> we do that by making sure all hosts on those lines are fully qualified?

To be clear, the problem is not that there is a non-fully-qualified 
hostname in /etc/hosts.  The problem is that because your kernel’s 
hostname is zippy, which is resolved by /etc/hosts to 127.0.1.1, license 
managers that have a client-side ACL of IP addresses (like 18.*) get 
confused.

If, as you did, you take zippy out of /etc/hosts (leaving only 
zippy.mit.edu), then zippy is resolved by DNS to 18.142.4.128 using the 
search path and servers in /etc/resolv.conf, and the license manager 
presumably becomes less confused.

A better client-side workaround is to put the right IP address in 
/etc/hosts:
  18.142.4.128 zippy zippy.mit.edu
which is what I think the Ubuntu installer does if you configure it with a 
static IP address at install time.  (For the cluster machines, we 
currently don’t.)

We are currently discussing possible solutions on zephyr.

Is it possible to get 127.0.1.1 (or even 127.*) added to this client-side 
ACL?  I assume that there’s some kind of server-side check as well to 
enforce the real restrictions, otherwise the system would be trivially 
spoofable.

Anders
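
The three /etc/hosts layouts discussed in this thread, as an added example that is not part of the original message: it resolves the kernel hostname from /etc/hosts first and then from a DNS stand-in, and tests the result against an IP ACL. The files-then-DNS order, the glob form of the ACL, the `DNS` dict and all function names are assumptions made for illustration.

```python
import fnmatch
import ipaddress

def lookup_hosts(hosts_text, name):
    """Return the address on the first /etc/hosts line naming `name`, else None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None

def resolve(hosts_text, name, dns):
    """Files-first resolution (assumed order): /etc/hosts, then the `dns` dict."""
    return lookup_hosts(hosts_text, name) or dns.get(name)

def diagnose(hosts_text, hostname, acl, dns):
    """Return (address, allowed_by_acl, note) for the machine's own hostname."""
    addr = resolve(hosts_text, hostname, dns)
    if addr is None:
        return (None, False, "hostname does not resolve")
    allowed = any(fnmatch.fnmatchcase(addr, pat) for pat in acl)
    if ipaddress.ip_address(addr).is_loopback:
        note = "hostname maps to loopback, so an IP ACL sees a 127.* address"
    else:
        note = "hostname maps to a routable address"
    return (addr, allowed, note)

# Constructed inputs using the values quoted in the thread.
DNS = {"zippy": "18.142.4.128"}   # stand-in for DNS plus the resolv.conf search path
ACL = ["18.*"]                    # assumed glob form of the client-side ACL
CASES = {
    "short name on 127.0.1.1": "127.0.0.1 localhost\n127.0.1.1 zippy zippy.mit.edu\n",
    "only FQDN on 127.0.1.1": "127.0.0.1 localhost\n127.0.1.1 zippy.mit.edu\n",
    "real address in hosts": "127.0.0.1 localhost\n18.142.4.128 zippy zippy.mit.edu\n",
}

if __name__ == "__main__":
    for label, hosts in CASES.items():
        print(f"{label}: {diagnose(hosts, 'zippy', ACL, DNS)}")
```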

