Re: [exim] strange resolver issue

Author: Phil Pennock
Date:  
To: James Mills
CC: exim-users@exim.org, Todd Lyons
Subject: Re: [exim] strange resolver issue
On 2012-10-13 at 16:56 +0000, James Mills wrote:
> Thanks Todd, spot on!


Todd's great. :)

> Got rid of the mdns entries in nsswitch.conf and all is fine now.


You should probably try to transition away from assuming that .local is
available via regular DNS -- consider this a wake-up call that there's
an issue here, and changing nsswitch.conf has bought you time to manage
a transition gracefully.

Going forward, .local is de facto used for multicast DNS and that's not
going to change, and is going to be embedded in more and more devices.

I say this as someone who _likes_ zeroconf, mostly, and thinks it's a
good idea. Home users adding devices to a network should not need to
mess with zone-files; printers, media devices, ~everything just using
multicast DNS just makes life easier. So this is going to continue.
For businesses, cheap devices you buy are still going to assume zeroconf
by default. Fighting that is making work for yourself, when there's so
many other things that need time and attention. It likely makes more
business sense to just abandon the domain and spend expensive staff time
fighting issues that _need_ fighting.

In July, IANA created a registry of "Special-Use Domain Names":
https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xml

Avoid anything in that, and if something you use appears in that, then
you're fighting a losing battle and just plan on graceful evacuation.

Note that with the swing to HTTPS/TLS for "everything" and wanting
TLS certificates for internal services, I recommend that companies avoid
using private TLDs for their internal network. If you manage your own
in-house CA, you're probably okay, but otherwise you should plan on
being able to buy a (cheap) cert even for internal services.

Using a TLD such as .biz works; register example.biz and use that. So
many people have .biz in blacklists for email, etc, that you'll not want
to use that for a public-facing site, and it's not too hard to train
non-technical folks that "company.com is public, company.biz is
internal".

-Phil
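
The check below is an added example, not part of Phil's message or of Exim: it audits the `hosts:` line of nsswitch.conf for nss-mdns modules that answer before `dns`, and lists names under .local that would need renaming before relying on regular DNS. The function names and the sample input are constructed for illustration.

```python
import re

# nss-mdns module names that can appear in the hosts database.
MDNS_MODULES = {"mdns", "mdns4", "mdns6",
                "mdns_minimal", "mdns4_minimal", "mdns6_minimal"}

def audit_hosts_line(nsswitch_text):
    """Report how mDNS is wired into the 'hosts:' line of nsswitch.conf text."""
    result = {"mdns": [], "mdns_before_dns": False, "stops_before_dns": False}
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("hosts:"):
            continue
        seen_dns = prev_mdns = False
        # Entries are service names or bracketed actions like [NOTFOUND=return].
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", line[len("hosts:"):]):
            if tok.startswith("["):
                actions = tok[1:-1].lower().split()
                # An mDNS module followed by NOTFOUND=return ends the lookup
                # for .local names before the dns service is ever consulted.
                if prev_mdns and not seen_dns and "notfound=return" in actions:
                    result["stops_before_dns"] = True
                continue
            prev_mdns = tok in MDNS_MODULES
            if tok == "dns":
                seen_dns = True
            elif prev_mdns:
                result["mdns"].append(tok)
                result["mdns_before_dns"] = result["mdns_before_dns"] or not seen_dns
    return result

def names_under_local(names):
    """Return the names whose rightmost label is 'local' (the mDNS domain)."""
    return [n for n in names if n.rstrip(".").lower().split(".")[-1] == "local"]

# Constructed sample input, not taken from the thread.
BEFORE = "passwd: files\nhosts: files mdns4_minimal [NOTFOUND=return] dns  # sample\n"
AFTER = "passwd: files\nhosts: files dns\n"
NAMES = ["mail.corp.local", "relay.example.biz", "printer.local."]

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_hosts_line(text))
    print("rename before relying on DNS:", names_under_local(NAMES))
```

A clean result on the "after" configuration only confirms the workaround is in place; any name the second function returns still depends on .local being served by regular DNS.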