Hello

Each time I get an update to /etc/nsswitch.conf with glibc updates I wonder about how to re-add the mdns lines to the file, as with the updates, nsswitch.conf deviates more and more from the example shown by the ewarn messages.

When I look into the example line:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

I wonder about:
- Should mdns* be placed in an exact order? Reading the header in the file, it seems the order is important, but which order is desired?
- What does the [NOTFOUND=return] do? Is that needed just after mdns4_minimal?

For example, the line I need to touch has this by default (on a systemd setup):
hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns

That uses [!UNAVAIL=return] for resolve (if I understand it correctly).

Since I guess it is too difficult to make this more automatic (without an eselect module), I think it would be interesting to at least clarify a bit more the ewarn messages to ensure administrators are doing what they expect. Especially taking into account that nsswitch.conf can change and, then, it is important to understand how to modify it properly as they will need to do it "often".

Thanks
Hi. Having already spent a while researching this, I can offer what I know:

The example line comes from nss-mdns' README. It's explained in the surrounding text there, but not very clearly, so here are the details - "mdns4_minimal" returns authoritative DNS results for all queries to .local (either A or NXDOMAIN) and soft failures otherwise. The "[NOTFOUND=return]" is explained in the nsswitch.conf(5) manpage; it causes NXDOMAIN answers (within .local) to be returned to the caller immediately instead of falling through. Putting both parts before "dns" here matters, as otherwise it'd be leaking .local queries to the remote DNS server.

Finally, mdns4 tries mDNS lookups for *any* domain as a last resort, which seems ill-advised (it adds latency to failed lookups, potentially leaks failed DNS queries on the LAN when the DNS server's unreachable, and lets anyone who receives them forge responses). It's only ever useful if you use a deliberately weird network setup; imho the ebuild messages should just leave that part out.

As for systemd... I don't use it myself, but anyone who does can ignore nss-mdns entirely; it has its own mDNS support and there's a config setting for it in resolved.conf. Having both things enabled won't break anything per se, but is pretty useless.

Hope that clears things up.
Thanks a lot for the info

I use systemd and I was having both ;)
(In reply to Pacho Ramos from comment #2)
> Thanks a lot for the info
>
> I use systemd and I was having both ;)

For systemd it is still needed for .local printers to work. For now I see it is ok with appending
mdns4_minimal [NOTFOUND=return]
just before "resolve".

All the other options I have tried seem to lead to printers not really working (they are discovered but, later, they don't print as cups cannot find them).
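Added example (not part of any comment in this thread, and not code from nss-mdns or the ebuild): a Python check of a hosts line against the ordering rules discussed in the comments above. The function names, the finding texts and the choice to treat "dns" and "resolve" as the unicast resolvers are assumptions of this example.

```python
import re

# Assumption of this example: these services forward lookups to unicast DNS.
UNICAST = {"dns", "resolve"}

def parse_hosts(conf_text):
    """Return [(service, [ACTION, ...]), ...] for the hosts line, or None."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        entries = []
        # A token is either a bracketed action list or a bare service name.
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", line[len("hosts:"):]):
            if not tok.startswith("["):
                entries.append((tok, []))
            elif entries:  # actions apply to the service just before them
                acts = re.sub(r"\s*=\s*", "=", tok[1:-1]).upper().split()
                entries[-1][1].extend(acts)
        return entries
    return None

def audit_hosts(conf_text):
    """Return findings about nss-mdns entries; an empty list means none."""
    entries = parse_hosts(conf_text)
    if entries is None:
        return ["no hosts line found"]
    names = [name for name, _ in entries]
    findings = []
    first_unicast = next((i for i, n in enumerate(names) if n in UNICAST), len(names))
    for i, (name, actions) in enumerate(entries):
        if re.fullmatch(r"mdns[46]?_minimal", name):
            if i > first_unicast:
                findings.append(f"{name} is after {names[first_unicast]}: .local queries reach unicast DNS first")
            if "NOTFOUND=RETURN" not in actions:
                findings.append(f"{name} lacks [NOTFOUND=return]: .local misses fall through")
        elif re.fullmatch(r"mdns[46]?", name):
            findings.append(f"{name} sends names not resolved earlier to the LAN via mDNS")
    return findings

# The README line from the thread, the systemd default with the entry placed
# before "resolve" as described in the thread, and one constructed bad line.
README_LINE = "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4"
SYSTEMD_LINE = "hosts: mymachines mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns"
MISORDERED = "hosts: files dns mdns4_minimal  # constructed"

if __name__ == "__main__":
    for sample in (README_LINE, SYSTEMD_LINE, MISORDERED):
        print(sample, "->", audit_hosts(sample) or "ok")
```

Pass it the contents of /etc/nsswitch.conf after a glibc update to see whether the re-added mdns entries still sit before the unicast resolvers.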
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b7a3346b9f5a821d05d51f7ee878aeeac1d7d1d

commit 8b7a3346b9f5a821d05d51f7ee878aeeac1d7d1d
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2023-07-19 13:04:54 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2023-07-19 13:05:58 +0000

    sys-auth/nss-mdns: clarify how to append mdns to hosts line in nsswitch.conf

    Closes: https://bugs.gentoo.org/885903
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 sys-auth/nss-mdns/nss-mdns-0.15.1.ebuild | 8 ++++----
 sys-auth/nss-mdns/nss-mdns-9999.ebuild   | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)