← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #60752

[Bug 1658734] [NEW] DNS queries of does-not-exist.example.com and example.invalid

  Thread PreviousDate PreviousThread Next 
Public bug reported:

cloud-init makes several DNS queries for does-not-exist.example.com and
example.invalid (and also some random names). https://git.launchpad.net
/cloud-init/tree/cloudinit/util.py#n1100

We understand that it does this to detect the kind of DNS redirection
that's done an many universities, some ISPs, and services like OpenDNS
(when used for filtering or typo correction).

However, it can be problematic in an environment where an intrusion
detection system might flag these queries as potentially malicious, and
in a system where DNS redirection is not used it unnecessarily increases
boot time.

It looks like the feature was written to make it possible to disable it
or provide specific redirection IPs, but that it never gained a config
option to control it.

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1658734

Title:
  DNS queries of does-not-exist.example.com and example.invalid

Status in cloud-init:
  New

Bug description:
  cloud-init makes several DNS queries for does-not-exist.example.com
  and example.invalid (and also some random names).
  https://git.launchpad.net/cloud-init/tree/cloudinit/util.py#n1100

  We understand that it does this to detect the kind of DNS redirection
  that's done an many universities, some ISPs, and services like OpenDNS
  (when used for filtering or typo correction).

  However, it can be problematic in an environment where an intrusion
  detection system might flag these queries as potentially malicious,
  and in a system where DNS redirection is not used it unnecessarily
  increases boot time.

  It looks like the feature was written to make it possible to disable
  it or provide specific redirection IPs, but that it never gained a
  config option to control it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1658734/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next