Your message dated Thu, 9 Feb 2006 00:58:49 +0100 (CET) with message-id <[EMAIL PROTECTED]> has caused the Debian Bug report #348578, regarding base-files: changes order of mDNS in /etc/nsswitch.conf to be marked as having been forwarded to the upstream software author(s) Joey Hess <[EMAIL PROTECTED]>.
(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Sorry to everybody involved for my delay in processing this bug.
I'm forwarding it to Joey Hess, who proposed the current status.

Anand Kumria <[EMAIL PROTECTED]> writes in Bug#348578:

---------- Forwarded message ----------
Date: Wed, 18 Jan 2006 06:32:51 +1100
Subject: base-files: changes order of mDNS in /etc/nsswitch.conf

Package: base-files
Version: 3.1.9
Severity: important

Hi,

Currently /etc/nsswitch.conf has the line:

    hosts: files dns mdns

However in a recent discussion with the KDE group, both the mdns upstream (Lennart) and myself believe the order should be:

    hosts: files mdns dns

Rationale:
 - a DNS server should never see a '.local' zone (by default, libnss-mdns only looks there)
 - mdns will respond faster than a DNS server can for .local

Unlike Joey Hess (CC'd) I have not tested what, if any, impact this will have (as per #324954) should libnss-mdns not be installed.

Also I note that Lennart would prefer:

    hosts: files mdns4 dns

But I believe we should not limit link-local multicast name resolution to only IPv4.

I've CC'd a number of you for further discussion in case you believe this change should not take effect or my reasoning to be flawed.
------------------------------------------------------------------------

Lennart Poettering <[EMAIL PROTECTED]> writes in Bug#348580:

---------- Forwarded message ----------
Since base-files 3.1.8 /etc/nsswitch.conf contains support for libnss-mdns out of the box:

    hosts: files dns mdns

I don't think this line is a good idea, because this way lookups for a .local host are first issued using normal unicast DNS. This lookup, however, will almost certainly fail and thus result in useless traffic and a superfluous delay when accessing a slow DNS server. Instead I would like to suggest to reverse the order of "dns" and "mdns". This is not a security risk because the default configuration of libnss-mdns doesn't allow host name lookups for hosts outside .local.

In addition I would like to suggest to use the IPv4-only module of libnss-mdns because looking up IPv6 addresses of a host which only publishes IPv4 addresses will cause an extra timeout delay of three seconds. All Macs, and all HOWL running machines publish only IPv4 addresses by default. Hosts running Avahi are the only exception right now.

In summary, the following line is what I would like to propose:

    hosts: files mdns4 dns

(As a side note: I am the upstream maintainer of libnss-mdns, that's why this came to my attention)
---------- End Forwarded message ----------

and later:

---------- Forwarded message ----------
A quick addendum to the order issue:

If the order of "mdns" and "dns" is swapped in nsswitch.conf, reverse host name lookups will always be tried first with multicast DNS -- which will fail in most cases, and thus adds a 3s delay to most calls to gethostbyaddr(), which is unacceptable.

A possible solution is to split nss-mdns into two separate modules, one which does just host->address lookups, and the user which does address->host lookups. That way it is possible to specify the order "mdns dns mdns_reverse". However, for this split to happen nss-mdns needs some work, and this is currently not a top priority on my TODO list.

Hence, please do *NOT* swap the order of the two modules. However, I still believe you should replace "mdns" with "mdns4", therefore I am not closing this bug report.
---------------------------------------------------------------------

and now Ricardo T. Muggli <[EMAIL PROTECTED]> writes in Bug#351990:

---------- Forwarded message ----------
Since libnss-mdns is not part of the base, references to it should not be in base. The hosts line of /etc/nsswitch.conf should be changed to:

    hosts: files dns

If the hosts: line in /etc/nsswitch.conf contains mdns and libnss-mdns is not installed a program will waste time trying to find the libnss_mdns library. Maybe when libnss-mdns is installed it should add this entry to /etc/nsswitch.conf.

However there are still some pitfalls with having mdns enabled. If libnss-mdns is installed and you try to resolve an IP address that does not exist in the DNS you will get about a 5 second delay. This happens because it has to wait for the timeout on the /var/run/avahi-daemon/socket - while avahi-daemon is trying to do a MDNS lookup.
---------- End Forwarded message ----------

Since it was you who suggested this change, I am all ears for your advice on this.

I am seriously considering what Ricardo suggests, namely, keeping things as they initially were, and giving explicit permission to libnss-mdns to change /etc/nsswitch.conf even if it's a conffile owned by another package.

I am also considering to make that file a configuration-file-which-is-not-a-conffile-but-it's-created-by-postinst in-the-first-install, as it happens with /etc/profile or /root/.profile, in case it helps.

Thanks.
--- End Message ---
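
An added example, not part of the original messages and not code from base-files or libnss-mdns: a small Python check that reads the hosts: line of an nsswitch.conf and reports the trade-offs raised in the thread above. The sample file contents, the function names and the `installed` module set are constructed assumptions.

```python
import re

# Constructed sample files: the "hosts:" variants debated in the thread.
SAMPLES = {
    "base-files 3.1.8": "passwd: compat\nhosts: files dns mdns\n",
    "swapped order": "hosts: files mdns dns   # proposed in #348578\n",
    "ipv4-only": "hosts:\tfiles dns mdns4\n",
}

def hosts_services(text):
    """Return the service names on the hosts: line, skipping comments
    and [STATUS=action] items."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            body = re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):])
            return body.split()
    return []

def audit_hosts(text, installed=frozenset({"files", "dns"})):
    """Report the issues raised in the thread. `installed` is an assumed set
    of NSS modules whose libnss_<name> library is present on the system."""
    services = hosts_services(text)
    mdns = [s for s in services if s.startswith("mdns")]
    findings = []
    for s in mdns:
        if s not in installed:
            findings.append(f"{s}: listed but libnss_{s} is not installed "
                            "(programs waste time searching for the library)")
    if mdns and "dns" in services:
        if services.index(mdns[0]) < services.index("dns"):
            findings.append("mdns before dns: reverse lookups try multicast "
                            "DNS first (about 3s delay per gethostbyaddr())")
        else:
            findings.append("dns before mdns: .local names are sent to "
                            "unicast DNS first")
    if "mdns" in services:
        findings.append("mdns (not mdns4): IPv6 lookup adds a timeout for "
                        "hosts that publish only IPv4 addresses")
    return findings

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, hosts_services(text))
        for finding in audit_hosts(text, {"files", "dns", "mdns", "mdns4"}):
            print("   -", finding)
```
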

