On 01/22/2016 10:45 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Fri, Jan 22, 2016 at 07:06:26PM +0100, Florian Weimer wrote: >> On 01/21/2016 11:18 PM, Orion Poplawski wrote: >> >>> PS - There is some other discussion around "mymachines" which seems much >>> more >>> problematic. I'd like to just focus on myhostname for now. The glibc >>> maintainer has indicated that he wants to wait for mymachines to be >>> resolved, >>> but it's almost two months now and I don't see that being resolved soon. >> >> I still have philosophical objects to myhostname as well. I find it odd >> that at one end, we struggle with DNS name space hijacking, but on >> another end, we do basically the same thing: >> >> <https://github.com/systemd/systemd/issues/2026> >> >> The order in nsswitch.conf does not matter (and neither does any non-DNS >> name resolution mechanism) because if we end up having software which >> expects that “gateway” resolves to the IP address of the default >> gateway, we still have an interoperability problem. And if “gateway” is >> never intended for name resolution, why synthesize the name at all? > > It is intended as a convenient fallback mechanism, and is only supposed > to have an effect if 'gateway' is not defined in the local DNS (the > 'domain' or 'search' zones). Would it help if those limitations were > more explicit, e.g. documented in nss-myhostname(8)?
I understand that the goal is that nss_myhostname will not override existing names, due to the way the NSS is configured. What I do not understand is how the the “gateway” name can be useful. As I tried to explain above, I'm not really worried about nss_myhostname overriding name resolution, but that software relies on the specific functionality of the “gateway” name provided by nss_myhostname, but *this* name is overridden by DNS (with a suitable search path) or nss_files, so that it no longer resolves to the expected address. From my point of view, the fact that software (or the user) cannot know that “gateway” resolves to the default gateway makes the name pretty much useless. What am I missing? Florian -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
