systemd'oh! DNS lib underscore bug bites everyone's favorite init tool, blanks Netflix

A few Penguinistas spent a weekend working out why they can't get through to Netflix from their Linux machines, because when they tried, their DNS lookups failed. The issue emerged July 22, when Gentoo user Dennis Schridde submitted this bug report to the Systemd project. Essentially, he described a failure within systemd- …

  1. Anonymous Coward

    Alternate

    just disable NetworkManager

    hand code resolve.conf with DNS pointing to 8.8.8.8 & 8.8.4.4

    add a manual entry in hosts for Netflix (optional if the above doesn't work)

    1. Anonymous Coward

      Re: Alternate

      And why would you want to encourage others to supply Google with information about every address they resolve? You can choose to be an idiot if you want, but don't recommend it to everyone else as a "fix".

      1. bombastic bob Silver badge
        Facepalm

        Re: Alternate

        OK if you don't want to use the google DNS servers then use your ISP's DNS servers. Whatever.

        at least google doesn't hijack unresolved names...

        /me facepalms at the anal retentivity

        1. eldakka

          Re: Alternate

          Or setup your own recursive DNS server.

          I did this on my NAS, it was actually easier than I expected.

        2. Snorlax Silver badge
          Trollface

          Re: Alternate

          @bombastic bob:"/me facepalms at the anal retentivity"

          Linux users eh? Anal retentivity is an underlying trait.

          I'm surprised the guy got as few down votes as he did...

        3. joed

          Re: Alternate

          While "hijacking" unresolved names is annoying, it can easily be disabled (and the setting sticks "forever", at least for Comcast). Also, since the DNS queries go in clear, your ISP will know them one way or the other. Might as well use them (unless the ISP is so incompetent that it can't provide well performing DNS) instead of sharing all your browsing habits with yet another party.

      2. Dave Bell

        Re: Alternate

        There are other choices, but who do you trust?

        If I were suggesting a non-ISP address for DNS, I would try to identify the server in human terms as well. Even on The Register one should assume one is being read by humans.

        I infer the suggested fix doesn't care which server is used. In my case I would be working through my ADSL modem/router which provides NAT and DNS for the LAN. In turn, it can either automatically use the ISP server, or an explicitly set server such as the Google one at 8.8.8.8

        1. Jamie Jones Silver badge

          Re: Alternate

          DNS is meant to be a distributed system, and your local resolver should be as close as possible.

          You also don't want to use a server you can't trust to not intentionally send bogus results.

          So, why all these dumb solutions? If you don't want to use a forwarding DNS to your local ISP's server, just roll your own recursive DNS. It's virtually configuration free

    2. Drew 11

      Re: Alternate

      8.8.8.8 ?

      Stop giving away all your private information to Google for free!

      1. Anonymous Coward

        Re: Alternate

        It's not for free, google give you a high performance, high uptime DNS server in exchange.

        Why do some plebs never understand the deals on offer???

      2. Anonymous Coward

        Re: Alternate

        Stop giving away all your private information to Google for free!

        I don't know where to start.

        As others have noted. You are getting a dns.

        If you don't want to give information to people for free you will have to live in a box. No wait, that won't work, basically you'll have to kill yourself - and become a suicide statistic to be noted down on some govt database. Otherwise every time you buy a pint of milk you'll be contributing to the secret and evil shopkeepers database of how many people like milk.

        1. Anonymous Coward

          @AC "have to live in a box"

          Yes, every DNS server you use is able to collect your personal information. Maybe you can't know which ones don't, but you absolutely DO KNOW which company has the most effective data collection and which already has tons of data on you and is always looking for more to correlate on you.

          That's why I'd never use Google's DNS. I'd choose to use one from Microsoft, Amazon, maybe even Facebook, before I'd use Google because they have less personal information about me and it is easier to avoid them being able to correlate my DNS lookups with other personal information they collect on me.

          1. Anonymous Coward

            Re: @AC "have to live in a box"

            Ironic, as I wrote a paper about data retention after deleting accounts at Microsoft, Google, Facebook and Apple.

            Google were by far the best, followed by Apple, then Microsoft, and worst of all, Facebook.

            After deleting all those accounts, 7 years later, logging in using a totally anonymous account, Facebook still knows people I might know, based purely on my IP address...

            I would seriously question who you trust online. The bad guys might be the least evil of the lot of them.... Perhaps the real bad guys are creating noise and getting a free ride.....

            I use Google DNS, I use it because from my own research, Google were the ONLY one that did exactly what they claimed they did in their privacy policy, and the only one with a privacy policy written in a clear and concise manner for regular human consumption.

            1. Anonymous Coward

              Re: @AC "have to live in a box"

              > "Google were the ONLY one that did exactly what they claimed they did ..."

              You sound like a google employee.

              1. Anonymous Coward

                Re: @AC "have to live in a box"

                I have never worked for Google, nor anyone else you will have heard of. However, you believe what you want to believe, and what fits with what you hope is true...

          2. razorfishsl

            Re: @AC "have to live in a box"

            But only a few are able to cross-reference that against maps and searches.....

          3. dajames

            Re: @AC "have to live in a box"

            That's why I'd never use Google's DNS. I'd choose to use one from Microsoft, Amazon, maybe even Facebook, before I'd use Google because they have less personal information about me and it is easier to avoid them being able to correlate my DNS lookups with other personal information they collect on me.

            If you really believe that, good luck to you!

            I don't believe that any of those companies would hesitate for an instant before gathering, correlating, and monetizing every bit of information about you that they can get their hands on -- indeed, they'd be mad not to, considering that the others do it and it's apparently not illegal.

            At least Google gives me free stuff that is occasionally useful, and for that I forgive them -- just a little -- for ravaging my privacy. The others can go swing.

          4. Lord_Beavis
            Pirate

            Re: @AC "have to live in a box"

            "Yes, every DNS server you use is able to collect your personal information."

            Not to mention every "Web Designer" seems to be using a WYSIWYG that adds Google features into their damned web pages (or their hosting solution is doing it). Load No Script and just see how many Google-y references there are as you browse.

        2. Stoneshop
          Holmes

          Re: Alternate

          If you dont want to give information to people for free you will have to live in a box.

          I am strongly disinclined to offer a lot of correlatable information to a single entity, especially one known to try and monetise that information. Better to spread it around, a tidbit here, a snippet there, a fragment somewhere else again.

    3. tony2heads

      Re: Alternate

      Many more are available

    4. Nick Kew

      Re: Alternate

      Those google IPs are just incredibly useful. When your DNS is broken, you have a bootstrap problem.

      Happened to me just on Saturday. I use auto-configure from home, but the (ISP-supplied) router was failing to resolve DNS when it came back up after a power cut. 8.8.8.8 has the virtue of being memorable without having to go online to look it up first!

      1. Swiss Anton
        Trollface

        Re: Alternate

        If you have trouble remembering 8.8.8.8, and you have a thing against Google, just remember it as hate.hate.hate.hate.

    5. Anonymous Coward

      Re: Alternate

      Or just avoid Systemd.

      1. fidodogbreath

        Re: Alternate

        Or just avoid Systemd.

        I'm amazed that 10 hours elapsed before someone posted this.

    6. Lord_Beavis
      Linux

      Re: Alternate

      "hand code resolve.conf with DNS pointing to 8.8.8.8 & 8.8.4.4"

      Better yet, build your own DNS server and stop supplying Google and/or your ISP with your queries. Make them work for it.

  2. jake Silver badge
    Pint

    I wonder what the excuse will be this time.

    Stockpiling beer & peanuts.

    1. ThomH

      Re: I wonder what the excuse will be this time.

      I searched and discovered that per its authors: "[i]n contrast to the glibc internal resolver systemd-resolved is aware of multi-homed system, and keeps DNS server and caches separate and per-interface". So the justification for a new resolver was machines with multiple active interfaces, that possibly go to different networks.

      The justification for bundling that new resolver with the init system? No idea. For distributions switching to it despite it not functioning very well? Clueless.

  3. eldakka
    Flame

    Why the fuck is the init process being used as a DNS resolver?

    Fuck I hate systemd.

    1. really_adf

      Why the fuck is the init process being used as a DNS resolver?

      Fuck I hate systemd.

      Why the fuck do you think it is the init process that is the DNS resolver?

      Fuck I hate the fact so many people repeat this nonsense.

      Even more than I hate systemd. And that's saying something.

      (Here's that separate process.)

      1. John Robson Silver badge

        Separate file maybe...

        "This file is part of systemd."

        Even if systemd is spawning another of its own processes, it's still systemd which is doing the resolving. Just get my system running, and log errors....

        That's all I need you to do...

        1. really_adf

          Even if systemd is spawning another of its own processes, it's still systemd which is doing the resolving. Just get my system running, and log errors....

          Agreed, and that (along with Lee D's comments, especially destroying loose coupling) is one of many reasons I detest systemd.

          But the apparently common misconceptions about how systemd works must be avoided else you look just as stupid as many of the systemd evangelists.

          The (predictable) downvotes to my previous comment, ironically, illustrate the exact reason for making that comment in the first place.

    2. rtfazeberdee

      @eldakka - spend some time learning about systemd because your post demonstrates your total ignorance of it to the world.

      1. Lee D Silver badge

        Because it's not systemd, it's PoetteringOS.

        Rather than have a clearly defined system that relies on others, it chooses to just replace everything from login authentication to DNS lookup with broken implementations that can't handle underscores, or usernames that start with a digit (Hey, just "don't do that"!), and then gives away root or stops the DNS resolution entirely when there's a problem because it lacks any kind of designed failure path despite being a system critical service.

        You do things the systemd way or not at all, don't you understand? I mean what kind of loser is going to run a critical Red Hat server that can't afford to give away root access or have its DNS resolution stop for no easily-discernible reason? God, anyone would think it was a server OS backed by a major company specialising in selling server OS, certifications on best practices, and commercial services.

        This is feature creep of the HIGHEST ORDER, from "I'll fix init dependencies" to "what do you mean you don't want every DNS lookup going through root-owned code via the init processes?"

        SystemD evangelists, please just sit down and think for a moment. Put the prejudices and your personal experience aside and just think. Why do you need a "systemd" DNS resolver? You don't. You can have it start up the resolver of choice of the user and use that instead. If it can't manage that, and get the order right so that when it needs to map network drives, etc. the DNS resolver is ready, then what happened to systemd's original purpose?

        He's reinventing the wheel, again, badly, to solve a problem that shouldn't exist if his software did what was promised in the first place. "When things are hard to do using existing and mature software, write your own things to replace them, badly, just enough to do what you needed to do and then sod everyone else, Jack". It's the epitome of childish coding, and yet we still tolerate it.

        1. handleoclast
          Devil

          Re: PoetteringOS

          @Lee D

          I agree that systemd is suffering extreme creature feep to the point that it's almost an OS. But PoetteringOS is such an ungainly name for it. Perhaps we could shorten it somehow.

          How about...

          POS

          1. Lee D Silver badge

            Re: PoetteringOS

            Have an upvote.

    3. Anonymous Coward

      Systemd is not (just) an init system. That was just the story that was told to get their foot in the door during a time of init-system transition.

      Once that thin end of the systemd wedge had been inserted into almost every Linux distro, they have been able to hammer in that wedge ever deeper using non-stable interfaces to force close coupling of otherwise unrelated services.

      1. Daggerchild Silver badge

        Systemd is extremely useful!

        I think everyone is completely misunderstanding how useful systemd is.

        Everyone who doesn't want to look to the past, and who believe in following leaders with strong personalities and innovative legacy-discarding ideas, can all band together and sail off to create a new future.

        Leaving everyone who actually gives a sh*t about good engineering in peace, while their ship catches fire, runs aground, and establishes some kind of Lord of the Flies cannibal tribe.

        Put systemd in your interview questions for new hires, and leave the true-believers free to go innovate someone else into the ground.

        1. a_a

          Re: Systemd is extremely useful!

          That was far too subtle for most commentards.

          1. oldcoder

            Re: Systemd is extremely useful!

            In very simple environments, it works fairly well.

            But it sucks when you need to add a new service...

            People

            * keep having to add sleep times before they start...

            * keep trying to get the service started

            * resort to even using cron to start them via @boot

            * still lose log data

            * still have to put up with boot/shutdown hanging... sometimes

            But in a simple environment... it isn't too bad. Last time I checked though, Slackware still booted faster.

        2. nijam Silver badge

          Re: Systemd is extremely useful!

          > I think everyone is completely misunderstanding how useful systemd is.

          Well, the systemd supporters certainly are.

      2. fidodogbreath

        Systemd is not (just) an init system. That was just the story that was told to get their foot in the door during a time of init-system transition.

        Sounds like an NSA / GCHQ / Five Eyes operation.

        Hmmmmm....

  4. Nate Amsden

    underscore illegal dns character

    I believe anyway. I have been a debian user since 2.0 hamm back in 98 and am strongly considering moving to Devuan. I have had about 10 minutes exposure to systemd on a recent debian release (installed maybe 4 months ago, whatever the version was at the time, I am not at the system), and wasn't impressed (at the end of the day it comes down for me it wasn't broken so don't fix it).

    My main "home" servers(hosted at a colo) are debian 7 still, so no systemd, my laptops are linux mint 17(MATE) which has no systemd. My work linux boxes all 1000 of em also lack systemd for the moment anyway.

    I can certainly see some use cases for a systemd approach on desktops and laptops hot plugging and shit. But the negatives outweigh the positives as someone who has run linux on my desktops and laptops since 1997.

    I don't mind giving people choice but it seems the choices are rapidly dwindling, which is quite sad.

    some folks have fled to BSD. I like the BSD kernels but have never liked the userland stuff(openbsd is still my home firewall of choice).

    I have been able to just ignore systemd for a long time but that time is running out.

    Same goes for some shit about replacing ifconfig?? Been reading about that recently, again have yet to run into it, another case of it was working fine for me for the past 21 years don't see a need to change it.

    Other than driver updates with newer hardware linux on my systems has been "good enough" for a decade already.

    Maybe I am too old. Or perhaps a case of the hipster agile devops shit going too far.

    Or maybe a bit of both.

    1. Nate Amsden

      Re: underscore illegal dns character

      Can't edit on mobile. But wanted to add a perhaps obvious tidbit. With exception of a brief time with debian 3.0 back in 2001 or 2002, where i ran "testing", every other system before and since has been "stable"

      1. John Hughes

        Re: underscore illegal dns character

        Oh, by the way, Debian doesn't use systemd-resolved, so this bug won't affect you.

        Unless you're using something else that uses the libidn2 library (which is not part of systemd).

    2. iTheHuman

      Re: underscore illegal dns character

      Mmmmmm yup. 10min. Not impressed. Move to devuan.

      Hopefully you never change software unless it's for bug fixes, because, if it ain't broke.

      1. bombastic bob Silver badge
        Linux

        Re: underscore illegal dns character

        "Hopefully you never change software unless it's for bug fixes, because, if it ain't broke."

        that's actually a BETTER philosophy, in my view. I prefer stability to a moving target on the bleeding edge.

        Devuan DOES sound very very good to me.

      2. Dave Bell

        Re: underscore illegal dns character

        There has been a recent significant bug fix for systemd but this may be a later version.

    3. Anonymous Coward

      Re: underscore illegal dns character

      I'm in the process of updating my personal server with Debian 9 and I'm all like what the fuck is this fuckwittery.

      No mysql without pissing about, no eth0 now it uses another name.

      Can't restart networking without pissing about.

      Fuckwits the lot of them.

      1. handleoclast

        Re: eth0

        @AC

        The change to the names of network interfaces isn't a Poetteringerism but something from Dell. They sorta have a point. OS names like eth0, eth1 don't give any clue as to which physical connector they relate to. So Dell came up with a naming scheme that would let some guy in a data centre receive a call saying that enp0s3 looks like it's become unplugged and [s]he knows which physical connector to give a tug.

        Dunno about your distro, but on CentOS/RHEL it is possible to set flags (yes, several places because Poetteringerisms abound) that revert to the old naming scheme.

        1. Anonymous Coward

          Re: eth0

          @handleoclast

          Thanks, That explains it then.

          To be fair it's pretty fucking useless when I have two adaptors using the same rtl8111 chipset, so rather than eth0/1 I now have enp3/4so

          1. Jamie Jones Silver badge

            Re: eth0

            FreeBSD uses the same convention as for all other drivers, i.e. device-driverX

            e.g. vtnet0, vtnet1, vtnet2, fxp0, re0, rl0 etc.etc. Of course, you are able to change them if you want, but otherwise.. meh.

    4. Paul 33

      Re: underscore illegal dns character

      As someone considering a move to BSD away from Arch, can you elaborate on what you don't like about the BSD userland stuff?

      1. Jamie Jones Silver badge
        Devil

        Re: underscore illegal dns character

        As someone considering a move to BSD away from Arch, can you elaborate on what you don't like about the BSD userland stuff?

        I guess it's what you're used to. I much prefer the cleanness and coherence of the BSD userland. Hierarchical structure is much cleaner, and the command options are far more coherent and structured.

        Anyway, if you want, most of the GNU main commands are easily installable, so I see no downside.

      2. Nate Amsden

        Re: underscore illegal dns character

        Don't want to start a flame war on top of systemd already. But I do prefer the gnu tools and apt over the bsd way of doing things. I was looking forward to debian freebsd but last I looked that project has been stalled for years (I installed it once on a soekris box a few years ago).

        Also at least with ports and stuff speaking of init, I found myself having to write custom basic init(or rc) scripts for services since so often they did not install any.

        Most or all of the BSD folks i know hate linux userland but are ok towards the kernel. Find it kind of ironic i am the opposite. I shouldn't say I hate bsd userland but I prefer linux.

        I haven't tried freebsd on a desktop with X11 probably in 18 years. I used to run freebsd on bridging firewalls and IDS, back in 2005 I moved to openbsd (for pf), have thought about going back since freebsd has had pf for a long time now just haven't had a real need.

        Quite possible my info on init scripts and stuff is outdated for freebsd these days but as of openbsd 6 (? Last installed maybe 6 months ago), seemed to apply.

        As per systemd yes I only interacted with it for a few mins so far (system is still running with systemd haven't rebooted it or anything in a few months). I think the issue was couldn't easily figure out how to get a service to start that wasn't built in. I gave up for the time being and started it manually. Not a huge deal but I can feel a sign of things to come.

        And yes if debian 7 had update support for the next 5 years I would not update. I can't think of anything in debian 7 or 6 or even 5 that I felt was important to upgrade for. (Memory is hazy even going back to v5). Drivers for newer hardware is the exception. Though all of my serious systems run in vmware, where the virtual hardware has been stable for a decade

    5. Nick Kew

      Re: underscore illegal dns character

      Metoo. Certainly used to be illegal when I learned about DNS, back in about the bronze age.

      But we've had some changes since then. Like goldrush TLDs, and most relevantly DNS i18n. So when El Reg tells us they're legal, I can give them the benefit of the doubt.

      1. Nate Amsden

        Re: underscore illegal dns character

        They are not legal, I checked about a month ago (powerdns rejected a change I tried to put in with underscore). Many systems will allow them, but strictly speaking they are illegal. I read even in BIND there was a config option to allow underscore but I think it is not default.

        But that being said I think that underscore being illegal is dumb and the systems should take it (anyone know the original reason behind that decision? Seems pretty arbitrary, maybe someone thought it would be harder to read or something )

      2. nijam Silver badge

        Re: underscore illegal dns character

        > Certainly used to be illegal when I learned about DNS, back in about the bronze age.

        No, there were some user-level systems that didn't allow underscore, but DNS itself always did. I say always, but in fact I only ran DNS servers from the mid-1980s onward, so what it did before that may be different ...

    6. John Hughes

      Re: underscore illegal dns character

      If you don't want to use systemd just install some other init system.

      If you're a debian user this is just a one line command:

      apt-get install sysvinit-core

      (Two lines if you include the reboot).

    7. kuiash

      Re: underscore illegal dns character

      OK, I got bitten by this recently. Apple updated their stack (somewhere around 10.12) and this bit me.

      It "is legal" but not in hostnames.

      I used to have my live sites as "somesite.com" and the local (test) version as "somesite_com" in my /etc/hosts file.

      Apparently you CAN have underscores but not in hostnames. Yup, that took some tracking down! I only found it by careful observation (some local domains worked, those with underscores did not).

      Hey, standards eh? Everyone loves them. Next I'll tell you about the hell that is JSON and/or XML parsing libraries. Actually, no I won't. This sort of tedious complexity makes me want to go back to programming 6502's in assembler code. *old man mumble*

    8. Oh Homer

      Re: "systemd approach"

      The systemd approach is basically the same as the Windows approach:

      • If it ain't broke then break it
      • In pursuit of the above, make the most bloated, monolithic, feature-infested software possible
      • Assume the user is stupid
      • Hide everything
      • Auto-configure everything (badly)
      • Make manual configuration a nightmare of obscurity, obfuscation and alien terminology
      • Regularly break, with no easy or obvious way for the user to fix it
      • Refuse to even acknowledge bugs, much less fix them
      • Blame the user
      • Get brutally eviscerated in the tech/geek media
      • Completely ignore public opinion, and carry on regardless

      I call this the "Slouches Towards Bethlehem" development model.

      1. SystemD_Sucks

        Re: "systemd approach"

        This is not exaggeration.

    9. Philip Hands

      ... not that Debian users should notice

      As someone who's been using Debian since '93 I certainly understand that one sometimes gets a visceral negative reaction to change, but the incoherent backlash is getting pretty tiresome.

      sysvinit was and is a heap of shit, which often works more by luck than judgment.

      I admit, I never really considered this until someone came along and tried to build a better alternative. Namely Upstart, which I didn't like at all. Systemd didn't get a better reaction from me either, but the vast quantity of abuse piled on it eventually provoked me to take a long hard look at what I was clinging to and realise that rather than it being a lifebuoy, it was actually a large floating turd.

      Just because we've all been trained by bitter experience not to stray into the dodgy areas where it is most likely to break (or where you're no longer even being given the option to stray there because DDs are no longer willing to deal with the related bug reports) does not mean that it's good. Likewise, just because we've learned what is wrong when it breaks, does not mean that it's easy to fix.

      Clearly, trying to replace this sort of software is a thankless task. I think the least that we owe those brave enough to take on the task is to not simply believe every single bad thing that anyone says about them and their software and their motives.

      How about at least trying to concentrate long enough to decide whether we really actually care about any particular story?

      For instance, Debian users might want to notice that Debian does not use systemd-resolved by default, so this story is of no real interest to them unless they've decided to use resolved.

      If someone reacts to this and similar stories by quitting Debian, then that is one less person to care about the non-systemd inits that Debian still supports (systemd is only the _default_, after all -- and only on Linux). That's one less person noticing and reporting bugs if those alternatives start to rot. That's less pressure on developers to keep those alternatives viable.

      So, if you care about choice, I suggest that you stick around, use Debian without systemd as the init, and report bugs when you notice them.

      Running off elsewhere is not likely to keep other inits viable in Debian, and since Debian is one of the few major distros that still offers a choice of init, if that ceases to be true, the death of choice will be that much closer.

    10. SystemD_Sucks

      Re: underscore illegal dns character

      For non-technical folks who want a nicely set up Debian 8.0 (Jessie) desktop system sans SystemD, check out MX Linux.

  5. Brian Scott

    Underscore?

    I thought underscores were illegal in DNS names. I know Microsoft had other ideas in the distant past but now even they frown on them. Why the hell are netflix using them?

    Oh, and to echo everyone else: why is an init process doing DNS resolving? An init process should start things and possibly stop and/or monitor them. The tool to do DNS resolving is a DNS resolver. I would be very upset if my DNS (unbound and bind depending on system) resolver started starting processes. The reverse also applies. FFS.

    1. kain preacher

      Re: Underscore?

      (RFC 1123) permitted hostname labels to start with digits. No other symbols, punctuation characters, or white space are permitted. While a hostname may not contain other characters, such as the underscore character (_), other DNS names may contain the underscore.

    2. Adam 1

      Re: Underscore?

      > Why the hell are netflix using them?

      Is that you Poettering?

    3. jake Silver badge

      Re: Underscore?

      Rather than re-invent the wheel, to see WHY the underscore is OK the way that Netflix is using it, please read this page:

      http://domainkeys.sourceforge.net/underscore.html

      1. Richard 26

        Re: Underscore?

        They are legal in general in DNS, just not in hostnames. It's a hostname, therefore not legal; although probably not a client's job to reject them (be liberal in what you accept, and all that).

      2. Stoneshop
        Devil

        Re: Underscore?

        From that URL:

        "Similarly, O'Reilly's DNS and Bind states in Chapter 4, section 5, 'Names that are not host names can consist of any printable ASCII character.'"

        Conversely, my description of Poettering's attitude and character consists entirely of non-printables.

      3. hmv

        Re: Underscore?

        Underscores are permitted in DNS labels; underscores are prohibited in hostnames - which is what that Netflix name is.

        Having said that, it's a legacy restriction and I can't see why it should remain.

      4. pklausner

        Re: Underscore?

        http://domainkeys.sourceforge.net/underscore.html clearly says _ is forbidden for hostnames. And the point of using _ in the examples was that DNS can serve not only hostnames.

        For the Netflix problem at hand: isn't the requested server name a hostname in DNS parlance?

        1. David Roberts
          Windows

          Re: Underscore? What is a hostname?

          Back when I was a lad the hostname was the leftmost part of the fully qualified domain name.

          If your local computer was called wally (the host name) you could refer to it as "wally" in your local domain but had to refer to it as "wally.mydomain.co.uk" from elsewhere.

          So I assume (without looking it up) that "wally.my_domain.co.uk" might also be valid?

          Or has hostname (as with many other things) been changed to a more "modern" meaning?

          1. Nick Kew

            Re: Underscore? What is a hostname?

            > Back when I was a lad the hostname was the leftmost part of the fully qualified domain name.

            Red herring. That is not the usage of "hostname" in any of the references from here.

            And there's nothing "modern" about it: the 'modern' bit is the whole notion of a FQDN running from local on the left to TLD on the right. Until sometime in the '90s, that would only ever have been considered one among many formats.

          2. Phil O'Sophical Silver badge

            Re: Underscore? What is a hostname?

            > So I assume (without looking it up) that "wally.my_domain.co.uk" might also be valid?

            Not according to RFC952 "A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.). Note that periods are only allowed when they serve to delimit components of "domain style names". ... No blank or space characters are permitted as part of a name. No distinction is made between upper and lower case. The first character must be an alpha character." modified, as previously noted, by RFC1123 to permit leading digits (allegedly at the urging of a certain Minnesota Mining and Manufacturing Co., better known these days as "3M"). DNS entries that represent things other than hosts can contain underscores, as mentioned in posts above.

            1. Stoneshop
              Headmaster

              Re: Underscore? What is a hostname?

              > allegedly at the urging of a certain Minnesota Mining and Manufacturing Co., better known these days as "3M"

              I think you'll find it was being proposed by another company whose name starts with a digit, one dabbling in network gear, for not entirely unselfish reasons.

        2. Robert Carnegie Silver badge

          Re: Underscore?

          I don't get it. Apparently the bug comes when "international" (non-Western) DNS support is used, it probably includes emojis as well as underscore?... Underscore is perhaps the punctuation for waiting to reveal who won this week on "America's Got Dancing Pets" because it is longer than the usual "...".

        3. kain preacher

          Re: Underscore?

          "For the Netflix problem at hand: isn't the requested server name a hostname in DNS parlance?"

          that's allowed.

      5. Daggerchild Silver badge

        Re: Underscore?

        @jake : I don't think that URL is saying what you say it's saying.

      6. Anonymous Coward
        FAIL

        Re: Underscore?

        Rather than spend time reading jake's link which would no doubt explain everything, I'd prefer to instead let everyone know how outraged, cross and indignant (and my feelings always come in threes) I am.

        I am outraged, cross and indignant.

        Please pass on my important views to everyone you know. It's important that as many people as possible know how outraged, cross and indignant I am.

    4. John Hughes

      Re: Underscore?

      > why is an init process doing DNS resolving?

      When did you stop beating your wife?

      It is not possible to answer your question because it contains an incorrect assumption.

      If you'd said "why is a process management system..." or however you want to describe the systemd suite (as opposed to /lib/systemd/systemd, aka pid 1) then you might have a point.

      1. Swarthy
        WTF?

        Re: Underscore?

        Fine then. Why in the hells is a Process Management System doing DNS resolving?

        1. John Hughes

          Re: Underscore?

          Fucked if I know.

          Guess that's why Debian doesn't use it by default.

  6. This post has been deleted by its author

    1. Geoffrey W

      Re: Crowdsource hit

      Some sleazy aristocrat was recently jailed for offering money on social media if Gina Miller was killed. Careful...

      1. Anonymous Coward

        Re: Crowdsource hit

        Yeah, I really miss the times when you could make jokes and parodies on the internet without the secret police breaking down your door in the middle of the night.

        1. TonyJ

          Re: Crowdsource hit

          "...Yeah, I really miss the times when you could make jokes and parodies on the internet without the secret police breaking down your door in the middle of the night...."

          On the one hand I am in total agreement but that Lord or whatever he was actually put a statement onto (I believe it was) FB offering 5 grand for someone to run over a person he took a dislike to.

          Imagine if you saw that about yourself. I think you'd be understandably upset and nervous and that's kinda beyond a joke.

          1. Lomax

            Re: Crowdsource hit

            "On the one hand I am in total agreement but that Lord or whatever he was actually put a statement onto (I believe it was) FB offering 5 grand for someone to run over a person he took a dislike to."

            Wha... wait... did I miss something here?

        2. rtfazeberdee

          Re: Crowdsource hit

          We've already had one MP killed because of a right wing nutter over brexit/immigration issues, there are plenty of nutters out there that will take on the challenge to earn £5K to run over a non-white woman who is vastly more intelligent than them. That's why you cannot make posts like that.

          1. Snorlax Silver badge
            Facepalm

            Re: Crowdsource hit

            You can't make "jokes" about killing people who offend your computing sensibilities because:

            A. It's not funny

            B. It's illegal - in this part of the world: soliciting to murder/conspiracy to murder

            C. Some fuckwad with no social skills and mother issues might listen to the voices in his head, and decide it's a good idea.

            1. John Hughes

              Re: Crowdsource hit

              It's called stochastic terrorism.

  7. a_yank_lurker

    Which Version

    I noticed it is with systemd 234 per the bug report, just checked and I have 233.75-1 installed (Arch/Manjaro). From the bug report, it appears to be specific to what looks like an optional library.

  8. David Roberts
    Facepalm

    DNS Resolver

    Or DNS revolver?

  9. jtaylor

    As mentioned above, why the HELL is systemd resolving names?

    I'm no fan of systemd anyway; I'm okay with either BSD or SysV init, liked chkconfig in IRIX, and enjoy SMF in Solaris, it's just that systemd's reach exceeds its grasp.

    Shades of Domain/OS where every function was a system call, and...edrgy. UNIX doesn't have to be so monolithic and brittle.

    1. GrumpenKraut
      Mushroom

      > ...why the HELL is systemd resolving names?

      Preparation for the next functionality to be taken over by PoetterD: sending emails.

      1. herman

        Ayup, it is an ancient law that all software evolves until it can send email. Unfortunately, that doesn't mean that it will stop evolving at that point.

      2. bombastic bob Silver badge
        Black Helicopters

        and when systemd DOES send e-mail, it will do it via ".Net" core... [adding yet another bitch-dependency to an already topheavy monolithic example of how NOT to do things]

        Because I bet Poettering gets a kickback from Micro-shaft every time he helps them embrace, extend, and extinguish Linux

    2. rtfazeberdee

      systemd-resolved is optional, any name prefixed with "systemd-" is an optional executable within the systemd PROJECT, not the systemd binary. Common mistake made by soooo many trolls that people who do no research before reposting then perpetuate. There is only 1 binary at PID1 and that is systemd, it's easy to check if people could be bothered.

      1. GrumpenKraut
        Trollface

        > Common mistake made by soooo many trolls...

        How often will you repeat that these are multiple binaries, not all running under PID 1? Everybody here knows that!

        You are a Poetter-troll and apparently unable to read. ------>

  10. Anonymous Coward

    That what happens...

    ... when development is in the hands of a bunch of volunteers who cannot read the RFCs, and nobody checks their work properly before it reaches user systems...

    1. Dan 55 Silver badge

      Re: That what happens...

      Poettering is not a volunteer, he's paid for this crap.

    2. John Hughes

      Re: That what happens...

      Uh, it's hard to blame the systemd developers for "not reading the RFCs" when:

      1. The bug is not in systemd, it's in a third party library used by systemd

      2. The RFCs explicitly say that underscore is not allowed in hostnames!

      1. Number6

        Re: That what happens...

        I blame them for including the resolver stuff in systemd rather than just giving users (or system packagers, more usually) the option of using whichever DNS program they want to do the job.

      2. Dan 55 Silver badge

        Re: That what happens...

        1. Why can't systemd just use the standard DNS instead of forcing everything to use a broken resolver?

        2. I see you haven't read the RFCs either.

  11. Anonymous Coward

    This is however not a new problem...

    I remember IBM HMC's having issues with underscores in DNS 15-20 years ago. Our network team had to rethink a few naming conventions on that one.

    This can be broken regardless of the choice of initial load process made by the various distro...

  12. AndrueC Silver badge
    Facepalm

    Ah yes, excessive validation. Another one that has never been fixed despite me pointing it out several times over the years is Samsung's email address validation when registering. It won't accept '.' on the left side of an email address. Luckily there's no particular reason to register with them for anything.

    1. Adam 52 Silver badge

      Just had a data migration fail because the target system wouldn't accept + in email addresses.

      Samsung's validation also won't accept "samsung" in email addresses.

      1. AndrueC Silver badge
        Thumb Up

        > Samsung's validation also won't accept "samsung" in email addresses.

        Ah! It's possible that's the real problem then. I use DEA so any email address I suggest to Samsung will have 'samsung' in its name. If I could be bothered to finally register my phone and TV I could use 'samzung'.

        Nope. Can't be bothered :)

  13. wolfetone Silver badge
    Coat

    I'm going to write a strongly worded letter to that bollocks Lennart Poettering about this clown show, using systemd's built in word processor.

    1. Dan 55 Silver badge

      You can do that, but don't expect the built in email client to send any emails which criticise systemd.

      The error message given is "La la la, I can't hear you", the same as his bug report replies.

    2. I ain't Spartacus Gold badge
      Trollface

      Is there a systemd Paint yet, so you can also send him an abusive cartoon...

  14. Anonymous Coward

    Meh

    Dnscrypt-proxy for the win.

    I resolve directly off that to a nice censorship free DNS server in Iceland.

  15. Anonymous Coward
    Facepalm

    "wait for libidn2 to be fixed to cope with underscores"

    If you're going to wait for systemd to do things properly, you might as well turn off your computer, smash it up, and never touch another one again.

    1. rtfazeberdee

      Re: "wait for libidn2 to be fixed to cope with underscores"

      You should check who develops the library that is at fault before making such an ignorant claim.

  16. Libertarian Voice

    Am I missing something here?

    Haven't looked at Debian 9 yet, but am I to understand that systemd is trying to replace bind 9 with some bastardised version?

    I was pissed off enough that samba started building in a DNS server so I can well do without another one.

    DO ONE THING AND DO IT WELL.

    I do not want to have to disable 10 conflicting DNS servers every time I do an install.

    1. John Hughes

      Re: Am I missing something here?

      > Haven't looked at Debian 9 yet, but am I to understand that systemd is trying to replace bind 9 with some bastardised version?

      No. systemd-resolved is an optional part of systemd and not included in Debian 9 by default.

      If you are using bind9 then systemd is likely to be the least of your problems. Get a decent DNS package. I'd recommend unbound for a recursive resolver.

      1. John Robson Silver badge

        Re: Am I missing something here?

        @John Hughes:

        "If you are using bind9 then systemd is likely to be the least of your problems. Get a decent DNS package. I'd recommend unbound for a recursive resolver."

        I like unbound for a recursive resolver as well, but what do you use for authoritative domains?

        Last time I was building DNS servers (commercially) I put BIND internally and exposed it through unbound to reduce the attack surface...

        1. John Hughes

          Re: Am I missing something here?

          > what do you use for authoritative domains?

          I don't actually know. Historically I've used djb's tinydns, but it's a bit creaky these days.

          I may be moving to power DNS some day.

      2. Libertarian Voice

        Re: Am I missing something here?

        Thanks for your clarification.

        Yes Bind9 is a pain, but I have used it so long that I kinda understand its way of thinking to the extent that it has corrupted me. In any event I also admin AIX machines and on those it is either Bind9 or the hosts file.

  17. Gordon Pryra

    And this is why Linux will NEVER be a useable desktop OS

    Yeah there are bugs, but it's how easily the user can get a machine that lets him send an email when he runs into a bug.

    Can you imagine an actual user in the real world doing this? or even understanding what this is telling him to do? And this is already sanitized for general consumption.

    "If you're affected by this DNS problem, rebuild Systemd without libidn2, stop using Systemd as your resolver if possible, apply this temporary patch – or better yet, wait for libidn2 to be fixed to cope with underscores."

    Linux is becoming MORE like a hobbyist OS than ever before

    1. AJ MacLeod

      Re: And this is why Linux will NEVER be a useable desktop OS

      @Gordon Pryra

      Your post is wrong in many different ways. For one, Linux has been a superb desktop OS for at least two decades now and I know because I've been happily using it all that time.

      For two, "normal" users in the real world almost certainly wouldn't end up having to "do this" to get around the bug, because "normal" users don't use distros like Gentoo which allow you absolute control over build options - they are for people who know what they're doing, or at least don't mind learning as they go. "Normal" users will be using something either RH or Debian derived, built with bog standard options and hence slightly better tested.

      For three, Linux is not becoming more like a hobbyist OS, it's now mostly corporations who are contributing this kind of code and in particular the behemoth Red Hat is slowly winning in their attempt to "be Linux." I'd argue that the hobbyists generally produced a better result for end users...

      1. Gordon Pryra

        Re: And this is why Linux will NEVER be a useable desktop OS

        @AJ MacLeod

        Maybe

        But still, 99% of the desktop user-base will scream in fear and run if confronted with actually having to read an error message rather than click next next next (then phone their son to do the final next click for them)

        Bring back our hobbyist overlords I say (or at least one who understands what a UI should entail)

    2. Nick Kew

      Re: And this is why Linux will NEVER be a useable desktop OS

      > Can you imagine an actual user in the real world doing this? or even understanding what this is telling him to do?

      Whoosh!

      Any Linux distro - even a techie one like gentoo - will default to requesting both an IP address and DNS resolver from the router you plug it into. Which will in turn get those things from your ISP or network administrator. It's called DHCP.

      The only actual user to be affected will be the actual user who has, for his/her own reasons, explicitly overridden those defaults.

    3. Updraft102

      Re: And this is why Linux will NEVER be a useable desktop OS

      "Can you imagine an actual user in the real world doing this? or even understanding what this is telling him to do? And this is already sanitized for general consumption."

      The last line of the citation you refer to as "this" included this text: "or better yet, wait for libidn2 to be fixed to cope with underscores." Can I imagine people in the real world doing that? Why, yes I can!

      With Windows, waiting for someone to get around to fixing something is often your only choice. Sometimes you can roll back an entire month's worth of security fixes to undo a non-security bug like this, since MS has gone to massive monolithic updates, but then you're still waiting for them to fix it so you can get back to where you were when you noticed the bug in the first place.

      The Linux suggestions were workarounds for people who know what that means and are inclined to try it, and they're not what I would call 'sanitized for general consumption' (anyone reading The Reg is already outside of those boundaries). The fact that there even ARE usable workarounds is not a negative. People have choices, and some choose to take action. Waiting for a fix is still just as valid in Linux as it is in Windows (though your wait is not likely to be an entire month as it is in Redmond-land, as those massive monolithic updates only come that often).

      Actually, now that I have put it into words, I may have convinced myself that Windows isn't a usable OS in any of its versions anymore. Obviously 10 is out of the running as far as being a usable OS (and has been since its introduction), but now that the rest of Windows versions have the same idiotic monolithic patch setup, coming generally only once a month and often without any usable workarounds to get people through until MS gets around to fixing it, it looks like Windows is no longer fit for purpose.

      Were you really trying to suggest that is better?

    4. Number6

      Re: And this is why Linux will NEVER be a useable desktop OS

      Fail - had it been Windows then there would have been an unexplained issue/bug until MS had gotten around to issuing a fix, no easy way to make it work until that time. The workaround to rebuild without libidn2 is a temporary fix for those who know how to do it, everyone else can wait for it to be patched next time they apply updates, exactly the same as with the other desktop OS.

    5. Doctor Syntax Silver badge

      Re: And this is why Linux will NEVER be a useable desktop OS

      "Linux is becoming MORE like a hobbyist OS than ever before"

      Which hobbyist OS did you have in mind? The problem most Linux users have is that it's becoming more like Windows.

  18. John Smith 19 Gold badge
    Unhappy

    Not a *nix admin so is having to resolve a DNS name during bootup a common issue?

    The only use case I can come up with is

    Boot problem --> need to Google something --> have no other PC/server/laptop/tablet/phone with internet connectivity with which to do this.

    But I don't know. Do you often have to look up a bunch of domain names to get their IP addresses to stock some data file or other?

    If you don't it just seems very odd.

    1. Swarthy
      Boffin

      Re: Not a *nix admin so is having to resolve a DNS name during bootup a common issue?

      I wouldn't say common....

      But the issue of needing to resolve DNS on boot can arise if, for example, you want to mount shared drives on boot, using a host name, rather than an IP address.

      1. John Smith 19 Gold badge
        Unhappy

        the issue.. needing to resolve DNS on boot..if..you want to mount shared drives..using a host name,

        OK that's a use case.

        So to need this functionality at boot time you need...

        (Remote drive) X (only known by host name, not IP address) X (Must be available to apps by the time server is booted).

        And basically if you can get the IP address any other way, or you can delay starting up the apps that need that drive to mount it through a script this use case disappears.

        So much for DevOps

  19. Anonymous Coward

    Not had this problem on Gentoo myself...

    ...but then I use openrc, not systemd. In Gentoo, there is a choice available, for those who want to make it. Then again, I'm in the fortunate position of never having let systemd get on to my main laptop in the first place.

    On the other hand, I have systemd on my various raspberry pis, but won't be taking it off because a lack of time means I want to run pretty "standard" raspbian and OSMC configurations. At least the lack of time also means I don't need to deal with the various systemd annoyances all that much...

  20. W.O.Frobozz

    Systemd is shaping up nicely to become the world's most advanced malware hosting platform.

  21. Anonymous Coward

    So systemd parses DNS correctly (Netflix had underscores in hostnames, not labels, which is forbidden) and people are blaming someone for following the RFCs because Netflix are special sparkle ponies?

  22. Anonymous Coward

    Why is systemd attempting to handle X,Y and Z that are unrelated to it's function

    Simple answer is that unix was not designed for people who are ignorant and disinterested in their OS. It was designed for people who had taken the time to learn the basics rather than assume the OS knows what it is doing because they don't want to.

    Microsoft took over computing for the last forty years because they sold it as ignoramous compatable, no intelligence or understanding required and systemd is an attempt at catering to the same "why won't it just work by itself" crowd via the same halfassed method of ignoring the implications with default answers.

    Yes unix can be configured so the ignorant user can safely do their browsing etc but when the user also demands root then you have the same outcome as giving matches to children.

    We can either give the kiddies matches and let the world burn or restrict the important decisions to people willing to learn and accept the implications. Systemd doesn't do either and should never have been allowed to gain the prestige implicit in being a dependency nor allowed to replace working components with fudge just to make their failed design appear to work.

    1. John Smith 19 Gold badge

      "Systemd doesn't do either and should never have been allowed to gain the prestige "

      I wasn't sure where you were going with this till this sentence, when you got the upvote.

    2. Updraft102

      Re: Why is systemd attempting to handle X,Y and Z that are unrelated to it's function

      "Microsoft took over computing for the last forty years because they sold it as ignoramous compatable, no intelligence or understanding required..."

      Even so, it isn't, and never has been.

      Part of the reason that non-techie types who just want to use the internet without having to learn anything (heaven forbid) have migrated to phones is that using a real PC is still toooo haaaaaard for them. They've dumbed Windows down to the point that it frustrates many of us who aren't determined to remain ignorant about the tech we use many hours each day (for example, why do I have to do so much drilling to view the IP configuration and other stats on my network card in every Windows later than XP? Because all those numbers and text are too scary for ignorant users, so it's better to make people click advanced-sounding options several times before they even get the option to see anything useful, giving the ignorant many chances to go elsewhere before they get scaaaaared?), but it still requires an understanding beyond what is useful if you're going to use an iPad or iPhone.

      I can't speak for any of those people, and I wouldn't want to. I could slap a donkey on its... ah, hindquarters and hear a response that fairly closely resembles what "regular" users would have to say. I can only say that for myself, Windows is already too dumbed-down, even though for the average user, it's still far too complicated. The regular people who never needed a real computer in the first place (and who are free to choose their own device) have already moved on, and hopefully those "regular" people who have to use PCs for work also have an IT department that locked the devices down to essentially act like a glorified iPad. I'm really tired of having my stuff broken and made much more useless because of people who refuse to know what they're doing.

      I know that we all were novices once, and I have always been willing to help those who want to learn... it is not they who I am referring to here. The people I'm comparing unfavorably to livestock don't want to learn; they try to avoid it. They _refuse_ to do it, as if it is a religious issue for them. "I want to learn to fly a plane, but I don't want to learn about things like pitch, yaw, roll, flaps, glide slope, sink rate, or anything like that! I don't want to study; I want to fly!"

      Well, that ain't happening. You can't have one without the other. Some things cannot be made simple just by their nature, and full-featured, non-crippled general purpose computers are one of those. They can be made as simple as possible, but no more so; to go beyond that is to re-invent the iPad, which goes beyond reasonably simple and goes straight into simplistic. For people who are really philosophically and morally opposed to learning about the tech that plays such a huge role on our lives, a platform like that really is the best solution. Windows isn't, and never has been, that simple, and that's one reason I've used it for close to three decades (though that era is clearly ending; Windows 10 is a no-fly zone).

    3. Oh Homer
      Headmaster

      Re: "ignoramous compatable"

      Yes, that was Microsoft's (and Apple's) main design goal, and as we all now know they were wrong, both in principle and in practice, because not only does such obfuscation wrongly assume that the system will never break and thus never require user intervention, but more generally as a matter of principle you cannot account for every possible outcome, and therefore you've just pretty much guaranteed unserviceable breakage.

      The same principle applies to basically all consumer goods. The idea is that you should not have to be an engineer merely to use products built by engineers. While that may be a laudable goal, sadly it's not actually attainable, and the result is a throwaway culture of products that never quite work as expected, but still cost a fortune to keep running to any degree.

      The alternative is simply good engineering. Use the least complexity with the fewest components to achieve a single clearly defined goal, then make no attempt to hide those components or the process, in order to make it as robust and serviceable as possible. A perfect example of this is The Arch Way (although sadly it should be noted that Arch seems to have abandoned this principle by moving to systemd).

      If after all that you still have neither the time, skill nor enthusiasm to service your properly engineered products, you can still delegate to either replace them or have them serviced by someone else, just as we do now with throwaway junk, with the added bonus that servicing should be much cheaper than it is presently, because the engineering is so much simpler.

      The only down side to this is that manufacturers will (IMHO falsely) claim that the application of proper engineering principles to their throwaway consumer junk will make it several orders of magnitude more expensive, which is exactly why they degenerated into producing such junk in the first place. I'd argue that this is at best a false economy and at worst an outright lie.

  23. Anonymous Coward

    I find it quite interesting that so many systemd haters seem to consider it mandatory to enable every single component it provides - including those systemd documentation explicitly states as designed for very specific use cases. Obsessive-compulsive, much?

    On the systems I manage, I only use the following systemd components:

    - systemd proper - because it bloody WORKS;

    - systemd-journald - because I like not losing log entries (which as my hardware got faster and faster became more and more frequent towards the end of my adventure with sysvinit+syslog-ng), forward secure sealing, easy retrieval of specific information, and the fact that it does provide a standard syslog interface on top of the above;

    - systemd-logind - because I like users only being granted access to the graphics card, the sound card etc. when they log in locally (assuming they are allowed to do so) instead of all the flipping time;

    - udev - because for all of its shortcomings, I have yet to find anything better.

    Nothing else. Weird, isn't it?

  24. Comments are attributed to your handle
    Trollface

    Seems to me the solution is for systemd to drop libidn2 entirely, and replace it with their own implementation /s.

  25. jMcPhee

    I haven't seen this much emotion since the last Commodore vs Apple BBS flame wars.

  26. Anonymous Coward
    FAIL

    Integration dammit

    Can we please differentiate between systemd the init replacement and systemd the project to replace many of the critical subsystems in Linux (login, logging, etc). And put aside the claims of each faction's motives (good or bad) for a moment.

    Then I see that systemd started life as an init replacement, with good aims, and then rapidly realized that to achieve its design goals big chunks of the rest of Linux needed to be rewritten. The critical mistake was right here --> They elected to go for really tight integration and pitch it to the community as such when instead they could have collaborated with the teams that own those other components and contributed reports and fixes.<-- For example a stronger syslogd that supported the binary, reliable logging that they felt they needed.

    A systemd init replacement surrounded by a bunch of independent projects that offered a choice of tight or loose integration ("you can log to syslog over UDP, or you can have the fancy experience by setting this flag on syslogd") would have been awesome. Instead we got a systemd that is inexorably reaching for huge swathes of Linux and exposing itself to flame wars every freakin' time a bug is discovered.

    1. vgrig_us

      Re: Integration dammit

      "Can we please differentiate between systemd the init replacement and systemd the project to replace many of the critical subsystems in Linux (login, logging, etc). "

      Nope - because it's impossible to tell where init part ends and other begins.

    2. Doctor Syntax Silver badge

      Re: Integration dammit

      "Then I see that systemd started life as an init replacement, with good aims, and then rapidly realized that to achieve its design goals big chunks of the rest of Linux needed to be rewritten."

      If, when you attempt to fix something you find that everything around it then breaks and you fix that & more stuff breaks, that's nature's way of telling you your original fix was broken.

  27. Anonymous Coward
    Anonymous Coward

    The real question

    It's been asked several times here, but I see no attempts at an authoritative answer to:

    "Is ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net a host name?"

    According to @jake's own referenced source, host names are name fields of A or MX records or the data fields of the SOA and NS records. This makes sense to me and seems to jibe with all the RFCs. The dig utility shows me that ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net is the name field of an A record. (I didn't pull their zone data because people in my country have been prosecuted for that.) Underscores are not allowed in host names, so I don't see why this, as @jake put it, "is OK the way that Netflix is using it".

    Maybe the library is removing the underscores for the wrong/no reason(s) and still needs to be patched, but that doesn't make the Netflix host name valid.

    I'm interested in what, if anything other than the RFC's terms, is broken by host names with underscores. None of my resolvers seem to care, perhaps because they are forgiving and trying not to make a distinction when the impact is nil (except to RFC writers).

    1. Jamie Jones Silver badge

      Re: The real question

      Hark at you, commenting on the real issue and not just using it as a systemd bashing excuse like the rest of us!

  28. Anonymous Coward
    Facepalm

    Systemd DNS resolver strips underscores

    Which begs the question as to the logic of putting a DNS resolver into an init system designed to .. initialize and run processes at boot. And who the fuck passed 'Systemd DNS resolver ' into production code without properly testing it.

    "Libidn's purpose is to encode and decode internationalized domain names".

    What'll this do for DNS spoofing and security given the existence of visually similar Unicode characters?

  29. TVU Silver badge

    Red Hat (Over) Dominance

    I am getting more than a little tired of Red Hat's overbearing influence on Linux in general and the Gnome Foundation in particular because their "solutions" are often less than perfect and then they are also intolerant of bug reports and constructive improvement suggestions from non-Red Hat sources. Their poor attitude really has got to change.

  30. CFWhitman

    "So Dell came up with a naming scheme that would let some guy in a data centre receive a call saying that enp0s3 looks like it's become unplugged and [s]he knows which physical connector to give a tug."

    It actually goes beyond that. When you have a server with three or four network interfaces, there is no guarantee that with the regular naming system an adapter will always get the same name when the server is booted. This means that a reboot can play havoc with routing rules and make a server stop functioning for its main purpose after being rebooted.

    With the new naming scheme, regardless of whether your adapters are distinguished by a single digit, each adapter will always get the same name after a reboot. As you mentioned, this predates systemd; Ubuntu Server, for example, had this before it ever had systemd.

    1. DainB Bronze badge

      On pre-systemd systems you simply add MAC address or udev rule to pin interface to its name.

      It's exactly the same on systemd - to guarantee that you have predictable interface names you either need to completely turn off this braindead slot numbering schema via kernel parameter or add MAC addresses to udev rules.

      Why would you need it, systemd developers might ask? Because interface name can be literally anything on virtualized host with multiple vNICs and depends on when VM was started. What, no one thought about virtual machines in that systemd "make boot faster" camp?

      So, what problem was solved exactly? The problem of predictable output of ifconfig - if someone would explain why lunatics from systemd development team needed to completely rewrite output of ifconfig providing exactly the same information but in a different format it would be nice. Don't bother though, everyone already knows why.

  31. Anonymous Coward
    Anonymous Coward

    Let the name of systemd be stricken from every book and tablet, stricken from all pylons and obelisks, stricken from every monument of Egypt. Let the name of systemd be unheard and unspoken, erased from the memory of men for all time.

  32. John Smith 19 Gold badge
    Unhappy

    Hmmm. Looks like there's a fair bit of fail to go around

    The software appears to implement the letter of the RFC (so do other DNS resolvers not, or do they special case the NetFlix IP address?) while NetFlix does their own thing.

    Just weird.

  33. Gordon 11

    It "is legal" but not in hostnames.

    Which is the source of the problem.

    The assumption in the original DNS was that an A record (although this is an AAAA, since the offending item appears to be IPv6) would point to a host.

    This was always wrong - it only ever pointed to an interface (given that you can have multiple ones on a single host it clearly can't be a hostname), but the rule was built into the RFC (IIRC).

    So bind 4.x disallowed it.

    The workaround was to set up a PTR record containing "_" to your A record, which contained "-" instead (since they were aliases they could be "anything").

    Then someone added a compilation option to allow "_" in A records. That must have been in the mid 90's.

    Along came bind8 and made it a run-time option.

    For someone to have got this wrong 20 years later is just a terrible piece of coding.
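
The distinction argued over in "The real question" and in the comment above (a name can be a legal DNS name without being a legal host name), as an added example that is not part of any commenter's post. The function names are chosen here for illustration, and all sample names except the Netflix one quoted in the thread are constructed.

```python
import re

# Host name label per RFC 952 as relaxed by RFC 1123: letters, digits and
# hyphen only (LDH), beginning and ending with a letter or digit.
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

MAX_LABEL = 63   # octets per label (RFC 1035)
MAX_NAME = 255   # octets for the whole name in wire format (RFC 1035)


def labels_of(name):
    """Split a name into labels; one trailing root dot is ignored.
    Zone-file backslash escapes are not handled in this sketch."""
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def is_dns_name(name):
    """Size rules only: RFC 2181 section 11 puts no character restriction
    on labels, so an underscore passes this check."""
    sizes = [len(label.encode()) for label in labels_of(name)]
    if any(not 1 <= size <= MAX_LABEL for size in sizes):
        return False
    # Wire format: one length octet per label, plus the root's zero octet.
    return sum(size + 1 for size in sizes) + 1 <= MAX_NAME


def non_ldh_labels(name):
    """Labels that break the host name (LDH) rule."""
    return [l for l in labels_of(name) if not LDH_LABEL.fullmatch(l)]


def is_host_name(name):
    """A host name is a DNS name whose labels are all LDH."""
    return is_dns_name(name) and not non_ldh_labels(name)


if __name__ == "__main__":
    samples = [
        "ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net",  # quoted in the thread
        "_sip._tcp.example.com",                       # constructed
        "www.example.com.",                            # constructed
        "-edge.example.com",                           # constructed
    ]
    for name in samples:
        print(f"{name}: dns_name={is_dns_name(name)} "
              f"host_name={is_host_name(name)} bad={non_ldh_labels(name)}")
```

A resolver that applies the host name rule to every lookup rejects or rewrites the first two samples; one that applies only the DNS size rules passes them through unchanged.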

  34. SystemD_Sucks

    Told you so

    Everything its detractors feared about SystemD has come to pass.

    Do not be tempted to let it infect your machines.

    Let the lemmings go over the cliff with it.
