cloud-init-dev team mailing list archive
Message #02795
[Merge] ~sporkmonger/cloud-init:dont_use_random_dns_queries into cloud-init:master
Bob Aman has proposed merging ~sporkmonger/cloud-init:dont_use_random_dns_queries into cloud-init:master.
Commit message:
Drop rand_str() usage in DNS redirection detection
Making lots of random invalid DNS queries interferes with the ability
of security teams to identify malicious or anomalous behavior from DNS
logs. The same goal should be achievable with a consistent query for a
name that is disallowed.
LP: #1088611
Requested reviews:
cloud-init commiters (cloud-init-dev)
Related bugs:
Bug #1088611 in cloud-init (Ubuntu): "using random hostnames to detect dns proxies allows for false positives"
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1088611
For more details, see:
https://code.launchpad.net/~sporkmonger/cloud-init/+git/cloud-init/+merge/326094
See LP: #1088611 and LP: #974509 for details.
--
Your team cloud-init commiters is requested to review the proposed merge of ~sporkmonger/cloud-init:dont_use_random_dns_queries into cloud-init:master.
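The detection approach this merge adjusts (resolve a few names that must not exist, remember any address that comes back, and count a later name as resolvable only if it yields some other address) as an added example; this is not cloud-init's own code and does not reproduce its `is_resolvable()`. It goes a little beyond the page by running the same logic against a constructed honest resolver and a constructed redirecting one, and by recording which names were queried, which is the point of the commit message: the query log contains the same fixed names every time. Everything here is an assumption of the example: the resolver is injected as a callable so it runs offline, the zone data and the 203.0.113.0/24 and 198.51.100.0/24 addresses are constructed documentation values, and `system_resolver()` is only shown for completeness.

```python
"""Added example (not cloud-init's code): DNS redirection detection by
resolving names that must never exist, with an injected resolver so the
whole thing runs offline.  All names, addresses and helpers are constructed
for illustration."""
import socket
from typing import Callable, Dict, Iterable, List, Set

# Names that an honest resolver must answer with NXDOMAIN.  The trailing '.'
# makes the first two fully qualified; the bare '__invalid__' label is left
# unqualified on purpose so the stub resolver appends its search list, which
# is what exposes a hijacking proxy or a wildcard in the search domain.
# These are fixed on purpose: a security team reading DNS logs sees the same
# three names each run instead of random labels.
BAD_NAMES = ("does-not-exist.example.com.", "example.invalid.", "__invalid__")

# A resolver maps a name to a set of address strings and raises
# socket.gaierror on NXDOMAIN.
Resolver = Callable[[str], Set[str]]


def redirect_ips(resolve: Resolver, bad_names: Iterable[str] = BAD_NAMES) -> Set[str]:
    """Resolve names that should not exist; any address returned is a
    redirection target and is remembered so later lookups can discount it."""
    ips: Set[str] = set()
    for name in bad_names:
        try:
            ips |= resolve(name)
        except socket.gaierror:
            continue  # NXDOMAIN is the honest answer
    return ips


def is_resolvable(name: str, resolve: Resolver, bad_ips: Set[str]) -> bool:
    """True only if `name` yields an address that is not a known redirection
    target; a name that maps solely to the landing address is treated as
    nonexistent."""
    try:
        addrs = resolve(name)
    except socket.gaierror:
        return False
    return bool(addrs - bad_ips)


def system_resolver(name: str) -> Set[str]:
    """Real resolver via getaddrinfo (needs network; not used below)."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


# --- Constructed fake resolvers for the offline demonstration -------------

def honest_resolver(zone: Dict[str, Set[str]], log: List[str]) -> Resolver:
    """Answers only names present in `zone`; everything else is NXDOMAIN.
    Every queried name is appended to `log` (stands in for the DNS log)."""
    def resolve(name: str) -> Set[str]:
        log.append(name)
        if name in zone:
            return zone[name]
        raise socket.gaierror(-2, "Name or service not known")
    return resolve


def hijacking_resolver(zone: Dict[str, Set[str]], log: List[str], landing_ip: str) -> Resolver:
    """Like honest_resolver, but rewrites every NXDOMAIN into `landing_ip`,
    as an ISP search-redirect proxy or a search-domain wildcard would."""
    real = honest_resolver(zone, log)
    def resolve(name: str) -> Set[str]:
        try:
            return real(name)
        except socket.gaierror:
            return {landing_ip}
    return resolve


# Constructed sample zone and landing address (documentation ranges).
CONSTRUCTED_ZONE = {"mirror.example": {"203.0.113.10"}}
LANDING_IP = "198.51.100.7"


def demo() -> Dict[str, bool]:
    """Run the check against both resolvers; the hijacked resolver still
    reports the bogus name as unresolvable once its landing IP is known."""
    results: Dict[str, bool] = {}
    for label, make in (("honest", lambda log: honest_resolver(CONSTRUCTED_ZONE, log)),
                        ("hijack", lambda log: hijacking_resolver(CONSTRUCTED_ZONE, log, LANDING_IP))):
        resolve = make([])
        bad = redirect_ips(resolve)
        results[label + ":mirror"] = is_resolvable("mirror.example", resolve, bad)
        results[label + ":bogus"] = is_resolvable("no-such-host.example", resolve, bad)
    return results


def queried_names() -> List[str]:
    """Names the probe sends, as they would appear in a DNS log: identical on
    every run, unlike a random label."""
    log: List[str] = []
    redirect_ips(honest_resolver(CONSTRUCTED_ZONE, log))
    return log
```

Run `demo()` to see that the bogus name is reported unresolvable on both resolvers, and `queried_names()` to see the fixed probe names; with a real resolver, pass `system_resolver` in place of the fakes.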
diff --git a/cloudinit/util.py b/cloudinit/util.py
index c93b6d7..39dc981 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -1128,14 +1128,14 @@ def is_resolvable(name):
we have to append '.'.
The top level 'invalid' domain is invalid per RFC. And example.com
- should also not exist. The random entry will be resolved inside
- the search list.
+ should also not exist. The '__invalid__' entry will be resolved inside
+ the search list. Underscores are invalid, but can still be queried.
"""
global _DNS_REDIRECT_IP
if _DNS_REDIRECT_IP is None:
badips = set()
badnames = ("does-not-exist.example.com.", "example.invalid.",
- rand_str())
+ "__invalid__")
badresults = {}
for iname in badnames:
try:
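Review bot: the new docstring sentence "Underscores are invalid, but can still be queried." is imprecise and should say where the underscore is invalid: underscores are not permitted in hostnames (RFC 952/1123), but a DNS label may contain them (RFC 2181 section 11), which is exactly why the query for '__invalid__' is sent rather than rejected by the resolver; suggest "Underscores are not valid in hostnames, but DNS labels may contain them, so the query is still sent." Two follow-ups on the same hunk: since '__invalid__' is unqualified and "will be resolved inside the search list", a wildcard record in a search domain still answers it, so this change removes the random-label log noise the commit message describes but does not by itself remove the false positive named in bug #1088611; and the hunk drops this call to rand_str() without touching its definition, which is fine if util.py has other callers, otherwise the now-unused helper should go too.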