On Sun, Jul 06, 2008 at 05:14:44PM -0700, Steve Langasek wrote: > On Mon, Jul 07, 2008 at 01:39:37AM +0200, Kurt Roeckx wrote: > > > You don't seem to request ipv4 addresses, you request AF_UNSPEC, which > > should get you both ipv4 and ipv6. You get 127.0.0.1 twice, and ::1 one > > time. > > You'll find that the duplication of 127.0.0.1 is still there if you specify > AF_INET instead, because the problematic duplication happens when requesting > records for the ipv4 address family. I left it as AF_UNSPEC in the test > case to show that the problem exists when using protocol-agnostic best > practices, which is what slapd does.
I was just confused when reading it, and understood it as only requesting AF_INET. That was just to make it clear. > >> - the ::1 address should *not* be special-cased by nss_files. I really > >> can't perceive any reason why it should be special-cased in the first > >> place; i.e., why should the files backend behave differently than the DNS > >> backend, and why would we want names that were specifically assigned to > >> ::1, including names like "ip6-loopback", to be automatically mapped to > >> 127.0.0.1? > > > I can't find any good reason why it should be changing ::1 to 127.0.0.1. > > So I think that atleast glibc should stop doing that. In any case, it > > shouldn't return 127.0.0.1 twice when it's not configured to return > > it twice. > > What do you mean by "configured to return it twice"? Would that mean > duplicate lines in /etc/hosts (i.e., misconfiguration)? Yes. > >> - we should only set up a single 'localhost' entry in /etc/hosts, pointing > >> at ::1, and let nss_files handle the mapping to 127.0.0.1 automatically. > > > - You could also argue that openldap should get fixed to deal with cases > > where it tries to bind to the same ip/port twice. On the other hand, > > I don't think it a normal case, and I think it's unlikely that people > > would set up dns to have 2 times the same IP address and then try > > to bind to that hostname. > > Well, as I said before, > > >> I don't think it's the responsibility of callers such as slapd to check > >> that > >> getaddrinfo() hasn't returned duplicate entries [...] > > so if you have an argument of why extra complexity should be added to the > caller to deal with duplicate records which, one way or another, should not > exist (IMHO), I'm interested to hear it. The only case I can come up with would be misconfiguration, which I don't think is a good reason. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]