Re: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out

On 2024-06-12 00:47, Poul-Henning Kamp wrote:
> I had a machine with this line in /etc/rc.conf:
> 
> 	ifconfig_bla0="192.168.87.11"
> 
> I found out the hard way, that this defaults to /8 now.
> 
> The main symptom was that DNS was /really/ busted, which makes sense
> when none of the DNS servers in the 192/8 "swamp" can be reached.
> 
> Since we all know that it is always DNS(SEC), I spent a lot of time
> having fun with that, before I noticed the /8 netmask on the interface.
> 
> I agree that the class A/B/C netmask assumptions should have died long ago.
> 
> But from a foot-shooting point of view, it makes no sense to default
> 192.168/16 to a /8 netmask.
> 
> If we're going to default to /8, at the very least ifconfig should
> spitting out a very noisy warning and wait 5 seconds before proceeding,
> when the netmask is not explicitly specified.
> 
> But I also think we can do better than /8.
> 
> One option is to go for "limit the damage in RFC1918" and default
> them according to their size: reach:
> 
> 	10/8
> 	172.16/12
> 	192.168/16
> 
> That will prevent the DNS weirdness I had to figure out, and probably
> still DWIM in most cases.
> 
> Another option is to default all three to /24, which in my experience
> is how people deploy RFC1918.
> 
> A third option is to default any missing netmask to /24 instead of /8,
> which would be what I would personally have done in the first place.
I couldn't agree more. CPEs, WiFi AP's and most other network(ing) equipment
that most users encounter, generally default to a /24 (255.255.255.0).
IMHO this would result in the least amount of POLA. :)

> 
> Poul-Henning
--Chris