Package: debian-installer Severity: normal Tags: ipv6 d-i I belive that rdnssd package (IPv6 recursive DNS server discovery daemon) should be included in d-i as udeb or even used by default, as well installed by default in base system.
It is used for automatic configuration without DHCP (v6). This is because indeed kernel does autoconfiguration (SLAC) by reciving ICMP RA and properly adding addresses to interfaces on IPv6 enabled networks, with proper routers. But this leavs other informations from RA packets unprocessed. This include network domain name, ntp server names, and DNS server addresses. This is handled by rdnssd package: Description-en: IPv6 recursive DNS server discovery daemon rdnssd autoconfigures recursive DNS servers on IPv6 networks using ICMPv6 Neighbor Discovery (RFC 5006), and can update the DNS resolvers configuration (/etc/resolv.conf) accordingly. rdnssd doesn't have any dependencies beside libc6. It recommends resolvconf for even better IPv6 support but it is optional. It is fully automatic, essentially doesn't have any configuration (beside optional script which can be used for merging already existing resolv.conf when not using resolvconf package/system). It have just few files, main binary written in C is just 16100 bytes on i386m abd consumes very small memory and cpu: sredniczarny:~# ps aux | grep rdnssd root 2837 0.0 0.0 1960 268 ? Ss lip30 0:00 /sbin/rdnssd -u rdnssd -H /etc/rdnssd/merge-hook rdnssd 2838 0.0 0.0 2176 516 ? S lip30 0:00 /sbin/rdnssd -u rdnssd -H /etc/rdnssd/merge-hook It also starts extremally quickly: sredniczarny:~# time /etc/init.d/rdnssd start [ ok ] Starting IPv6 Recursive DNS Server discovery Daemon: rdnssd. real0m0.074s user0m0.000s sys0m0.004s So, please include rdnssd by default on all systems. It would be good idea to adive security team on this matter, because as a networked deamon it can be prone to remote attacks (both DoS and remote exploits). It should be pretty safe, considering simplisity of processing rdnssd is doing, but still some cautions should be taken. Regards, Witek -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.5.0-t43-prod-dirty (SMP w/1 CPU core) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to pl_PL.UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
