mirror of
https://git.launchpad.net/livecd-rootfs
synced 2025-10-24 05:24:07 +00:00
Also see https://bugs.launchpad.net/cloud-images/+bug/2106729.

Since Oracular[1]:

  Ubuntu’s systemd-networkd no longer sets UseDomains=true for managed network interfaces. In effect, this means that search domains configured in DHCP leases will not be reflected in /etc/resolv.conf by default. This change aligns Ubuntu’s default behavior with that of upstream. System administrators may choose to override this default on a global, or per-interface basis. See systemd.network 4 for details.

The default in systemd is UseDomains=false. From systemd.network(5)[2]:

  DHCP=
    Furthermore, note that by default the domain name specified through DHCP is not used for name resolution. See option UseDomains= below.

  UseDomains=
    It is recommended to enable this option only on trusted networks, as setting this affects resolution of all hostnames, in particular of single-label names. It is generally safer to use the supplied domain only as routing domain, rather than as search domain, in order to not have it affect local resolution of single-label names.

It has been reported to us by few clouds that this breaks local name resolution. For instance, in Google Cloud Compute, users can no longer reach instances in the same zone[3] nor Google Cloud services[4] by their names.

Arguably, the security concerns for having this option disabled are not valid in cloud environments. As one of our partners said:

  IIUC, the motivation to disable UseDomains by default is that a laptop might be used on an untrusted network where the domains provided by DHCP can be a security issue, directing users to places they don't intend. But it's not possible for a cloud instance to be connected to an untrusted network (barring a breached account).

  The way I'm looking at this is that DHCP option 119 exists for the express purpose of allowing a network administrator to configure the DNS search path for computers on that network. I understand there's a security concern if that network isn't a datacenter. But in the cloud there's no concern (in some clouds, it's not even possible for DHCP response packets to come from anywhere but the cloud's own DHCP).

We should restore this setting in cloud images.

[1] https://discourse.ubuntu.com/t/oracular-oriole-release-notes/44878
[2] https://manpages.ubuntu.com/manpages/plucky/en/man5/systemd.network.5.html
[3] https://cloud.google.com/compute/docs/internal-dns
[4] https://cloud.google.com/compute/docs/metadata/overview
10 lines
209 B
Bash
Executable File
#!/bin/bash

# See https://bugs.launchpad.net/cloud-images/+bug/2106729

mkdir -p /etc/systemd/networkd.conf.d/
cat >/etc/systemd/networkd.conf.d/50-cloudimg-settings.conf <<EOF
[Network]
UseDomains=true
EOF
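One way to check which global UseDomains= value an image ends up with once the drop-in written above is combined with other networkd.conf drop-ins. This is an added example, not part of livecd-rootfs; the 90-local.conf override, the sample files and the single-root lookup are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of livecd-rootfs. Reports the global UseDomains=
# value that networkd.conf and its drop-ins yield under one config root.
# Assumptions: only that root is read (systemd also merges /run and /usr/lib)
# and only the [Network] section is considered.

effective_use_domains() (
    root=$1
    result=unset
    # The main file is read first, then drop-ins in glob (sorted) order, so a
    # later file such as 90-local.conf overrides 50-cloudimg-settings.conf.
    for f in "$root/networkd.conf" "$root"/networkd.conf.d/*.conf; do
        [ -f "$f" ] || continue
        v=$(awk '
            /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
            sec == "Network" && /^[ \t]*UseDomains[ \t]*=/ {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            }
            END { print tolower(val) }' "$f")
        case $v in
            1|yes|y|true|t|on)  result=true ;;   # DHCP domains become search domains
            0|no|n|false|f|off) result=false ;;  # DHCP domains are ignored
            route)              result=route ;;  # DHCP domains used as routing domains only
        esac
    done
    echo "$result"
)

# Constructed sample: the drop-in this commit writes, plus a hypothetical
# local override (90-local.conf) that narrows the setting to routing domains.
demo=$(mktemp -d)
mkdir -p "$demo/networkd.conf.d"
printf '[Network]\nUseDomains=true\n' >"$demo/networkd.conf.d/50-cloudimg-settings.conf"
echo "image default: $(effective_use_domains "$demo")"
printf '# local policy\n[Network]\nUseDomains = route\n' >"$demo/networkd.conf.d/90-local.conf"
echo "with override: $(effective_use_domains "$demo")"
rm -rf "$demo"
```

Pointing the function at the etc/systemd directory of a mounted image shows whether a later drop-in has changed the value the cloud image ships.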