On Fri 25 Aug 2017 at 00:54:11 (-0400), Gene Heskett wrote:
> On Thursday 24 August 2017 22:15:53 David Wright wrote:
>
> > On Thu 24 Aug 2017 at 20:58:18 (-0400), Gene Heskett wrote:
> > > On Thursday 24 August 2017 12:30:37 Dan Ritter wrote:
> > > > On Thu, Aug 24, 2017 at 10:43:56AM -0500, David Wright wrote:
> > > > > The history of computing is littered with statements like
> > > > > "virtually every computer has exactly one or two NICs".
> > > >
> > > > It used to be zero.
> > > >
> > > > We are currently in the phase of history where this statement is
> > > > true. NICs are both ubiquitous and cheap, yet devices tend to
> > > > come with one (only an ethernet port or only a wifi radio) or
> > > > two (one of each of those, or a wifi radio and a cell radio).
> > > >
> > > > Devices can add more, but they are always special cases: my
> > > > Debian-running firewall has 5 ethernet ports. I occasionally
> > > > add a USB ethernet frob in order to isolate a device that I want
> > > > to talk to directly. Special cases deserve special treatment.
> > > >
> > > > I expect the statement to remain true for the next ten years.
> > > >
> > > > Do you expect differently? If so, why?
> > > >
> > > > > This list is full of postings about the complex DNS system. But
> > > > > how long did /etc/hosts last? Some complexity is unavoidable,
> > > > > but if you try to avoid it, you pay for it later. Look at
> > > > > timezones. Ever allowing computers' internal clocks to run on
> > > > > local time was, with hindsight, a big mistake. Leap seconds
> > > > > might also be seen the same way (still under debate).
> > > >
> > > > /etc/hosts still acts the way it always did -- put in an entry,
> > > > it overrides DNS.
> > >
> > > That depends entirely on who wrote your /etc/resolv.conf and whether
> > > or not you did a sudo chattr +i /etc/resolv.conf, immediately after
> > > verifying that it works. (and of course that implies it is a real
> > > file, not a softlink to something else. With N-M in the mix and
> > > active that is the only way to keep it from tearing down your
> > > network configuration and leaving you empty files, and no network,
> > > if it cannot find a dhcpd server)
> >
> > (We've heard about your problems concerning /etc/resolv.conf
> > several times now.)
> >
> > I think the file that affects the priority of /etc/hosts is
> > /etc/nsswitch.conf which typically contains a line like:
> >
> > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
> >
> But what has that to do with having the proper entries
> in /etc/resolv.conf? Whose active lines are:
>
> nameserver 192.168.71.1
> search host,dns

I can't parse ↑ this line. Are you sure your resolver can?
Why does it contain a comma? Are "host" and "dns" domain names?

> domain coyote.den
>
> I am willing to learn IF there is a simpler, even faster and more secure
> way to do it than what I preach. If those 3 criteria can be satisfied,
> show me how.
>
> That search line "hosts,dns" draws a fine line between my local network,
> which is all in the /etc/hosts file, and the rest of this planet for
> which I need a dns server. dd-wrt in my router relays the resolution
> requests on to my ISP's assigned dns servers, and relays the results
> back to whatever asked for it on my home network regardless of which
> machine or program on that machine originated the request.
>
> AFAIK, no other processing seems to be involved. According to htop (root
> session) no trace of named or any other dns helper can be found running
> on any of the machines(5) running here ATM. Pure, boiled it down to the
> simplest way I know how, and it Just Works(TM). FWIW, denyhosts and
> portsentry still work just fine.
>
> What's not to like?

Cheers,
David.
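
An added example, not part of the original message or of any poster's setup: a small Python check run over the nsswitch.conf and resolv.conf lines quoted in the thread (embedded as constructed sample input). It reports whether /etc/hosts is consulted before DNS and flags search/domain entries that are not in letter-digit-hyphen hostname syntax. It assumes the resolv.conf(5) rule that "search" and "domain" are mutually exclusive with the last instance winning; the function names are hypothetical.

```python
import re

# Constructed sample input: the lines quoted in the thread above.
NSSWITCH = "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
RESOLV = "nameserver 192.168.71.1\nsearch host,dns\ndomain coyote.den\n"

# One DNS label in hostname (letter-digit-hyphen) syntax.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def hosts_sources(nsswitch_text):
    """Ordered sources for the 'hosts' database, without [STATUS=action] items."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [t for t in line[6:].split() if not t.startswith("[")]
    return []


def hosts_file_wins(sources):
    """True when 'files' (/etc/hosts) is consulted before 'dns'."""
    return "files" in sources and (
        "dns" not in sources or sources.index("files") < sources.index("dns"))


def audit_resolv(resolv_text):
    """Return (nameservers, effective search list, warnings)."""
    nameservers, search, warnings, seen = [], [], [], None
    for n, raw in enumerate(resolv_text.splitlines(), 1):
        if not raw.strip() or raw[0] in "#;":
            continue  # blank line or comment (marker in first column)
        keyword, *args = raw.split()
        if keyword == "nameserver":
            nameservers += args[:1]
        elif keyword in ("search", "domain"):
            if seen and seen != keyword:
                warnings.append(f"line {n}: '{keyword}' replaces earlier '{seen}'")
            seen, search = keyword, args  # last instance wins (resolv.conf(5))
            for name in args:
                if not all(LABEL.match(p) for p in name.rstrip(".").split(".")):
                    warnings.append(f"line {n}: '{name}' is not a valid domain name")
    return nameservers, search, warnings


if __name__ == "__main__":
    print(hosts_sources(NSSWITCH), hosts_file_wins(hosts_sources(NSSWITCH)))
    for item in audit_resolv(RESOLV):
        print(item)
```

The check covers syntax and keyword precedence only; it does not query a resolver or read the live files.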