FS#41655 - [filesystem] In /etc/nsswitch.conf, add mymachines( and resolve, remove dns).

Attached to Project: Arch Linux
Opened by test0 (test0) - Friday, 22 August 2014, 12:14 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 04 January 2018, 13:42 GMT
Task Type: Bug Report
Category: Packages: Testing
Status: Closed
Assigned To: Sébastien Luttringer (seblu)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
See summary. This incorporates recent changes in systemd. Replacing dns with resolve should only be done when systemd-resolved is used, though.

Additional info:
* package version(s)
* config and/or log files etc.


Steps to reproduce:

Closed by  Eli Schwartz (eschwartz)
Thursday, 04 January 2018, 13:42 GMT
Reason for closing:  Fixed
Additional comments about closing:  our nsswitch currently matches the systemd recommendation
Comment by Dave Reisner (falconindy) - Friday, 22 August 2014, 13:12 GMT
Removing dns from nsswitch.conf *will* break a large number of setups (mine, for example). It's far too soon to adopt these new modules at the distro level.
Comment by Damjan Georgievski (damjan) - Thursday, 05 May 2016, 04:18 GMT
  • Field changed: Percent Complete (100% → 0%)
Maybe that day is now?
* nss-resolve now (since 229) falls back to nss-dns if there's no resolved or dbus running
* c-ares since 1.11 handles 'resolve' in nsswitch the same as 'dns' (to see if dns is enabled - yeah stupid)

https://github.com/systemd/systemd/issues/1692
https://github.com/c-ares/c-ares/issues/33
Comment by Eli Schwartz (eschwartz) - Thursday, 04 January 2018, 04:31 GMT
Currently all three are used, is this a reasonable resolution or does anyone still think dns should be removed (and have a good explanation why this is okay)?
Comment by Damjan Georgievski (damjan) - Thursday, 04 January 2018, 08:58 GMT
nss-dns should *not* be removed now, since systemd 232 changed the implementation of nss-resolve (and 234 further removed the fallback)

232
* The nss-resolve module has been changed to strictly return UNAVAIL
when communication via D-Bus with resolved failed, and NOTFOUND when
a lookup completed but was negative. This means it is now possible to
neatly configure fallbacks using nsswitch.conf result checking
expressions. Taking benefit of this, the new recommended
configuration line for the "hosts" entry in /etc/nsswitch.conf is:

hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

234
* The code to call libnss_dns as a fallback from libnss_resolve when
the communication with systemd-resolved fails was removed. This
fallback was redundant and interfered with the [!UNAVAIL=return]
suffix. See nss-resolve(8) for the recommended configuration.


nsswitch in the current filesystem package seems fine
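
The fallback behaviour in the systemd 232 note quoted above, as an added example (not part of this thread and not glibc or systemd code): a small simulator of how the chain in the recommended `hosts` line is walked. It assumes glibc's default actions (return on SUCCESS, continue otherwise) and supports only `return` and `continue`; the function names, the comparison line without criteria, and the per-service outcomes are constructed for illustration.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
DEFAULTS = {s: "return" if s == "SUCCESS" else "continue" for s in STATUSES}  # glibc defaults

def parse_hosts(line):
    """Turn a 'hosts:' line into [(service, {status: action}), ...]."""
    db, _, spec = line.partition(":")
    if db.strip() != "hosts":
        raise ValueError("not a hosts line")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", spec):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        for neg, status, action in re.findall(r"(!?)(\w+)=(\w+)", token[1:-1]):
            status, action = status.upper(), action.lower()
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError(f"unsupported criterion {token}")
            # '!STATUS=action' applies the action to every other status.
            targets = [s for s in STATUSES if s != status] if neg else [status]
            chain[-1][1].update(dict.fromkeys(targets, action))
    return chain

def walk(chain, outcomes):
    """Simulate one lookup; services missing from outcomes report NOTFOUND."""
    consulted, status = [], "UNAVAIL"
    for service, actions in chain:
        status = outcomes.get(service, "NOTFOUND")
        consulted.append(service)
        if actions[status] == "return":
            break
    return consulted, status

RECOMMENDED = "hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname"
NO_CRITERIA = "hosts: files mymachines resolve dns myhostname"  # constructed for comparison

def demo():
    rec, plain = parse_hosts(RECOMMENDED), parse_hosts(NO_CRITERIA)
    return {  # outcomes below are constructed inputs, not captured results
        "resolved_down": walk(rec, {"resolve": "UNAVAIL", "dns": "SUCCESS"}),
        "resolved_negative": walk(rec, {"resolve": "NOTFOUND", "dns": "SUCCESS"}),
        "plain_negative": walk(plain, {"resolve": "NOTFOUND", "dns": "SUCCESS"}),
    }

if __name__ == "__main__":
    print(demo())
```

With the recommended line, `dns` is reached only when `resolve` reports UNAVAIL; a negative answer from a running systemd-resolved ends the lookup, whereas the line without criteria lets `dns` answer after it.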