cloud-init-dev team mailing list archive

Thread
Date

Re: [Merge] ~sporkmonger/cloud-init:dont_use_random_dns_queries into cloud-init:master

To: mp+326094@xxxxxxxxxxxxxxxxxx
From: Scott Moser <smoser@xxxxxxxxxx>
Date: Tue, 11 Jul 2017 14:42:58 -0000
In-reply-to: <149807156610.22945.11321667906584622299.launchpad@ackee.canonical.com>
Reply-to: mp+326094@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Bob,
This mostly looks good, but I have some comments.
First, a small suggestion. Lets use __invalid_cloud_init__ to address your comment in the bug

| For anyone who's looking at DNS logs for security purposes, that "random,
| unqualified 32-character alphanumeric hostname" is going to cause significant
| issues for anyone trying to figure out what initiated that DNS request.

Second, the random hostname was a *valid* hostname, just very unlikely. That made it different than the other 2 invalid strings.  It would be quite possible for a dns server to provide dns redirection to return one value for invalid queries and another for valid-and-redirected queries.

Thats the motivation for the 'rand()'.

So maybe we could address both your concern and the original bug opening concern of a collision with:

  badname = "cloud-init-invalid-" + rand()

Thoughts?

Scott


-- 
https://code.launchpad.net/~sporkmonger/cloud-init/+git/cloud-init/+merge/326094
Your team cloud-init commiters is requested to review the proposed merge of ~sporkmonger/cloud-init:dont_use_random_dns_queries into cloud-init:master.

References

[Merge] ~sporkmonger/cloud-init:dont_use_random_dns_queries into cloud-init:master
From: Bob Aman, 2017-06-21