On Wednesday, 10 March 2021 13:27:24 GMT Mark Knecht wrote:
> On Tue, Mar 9, 2021 at 10:10 PM Grant Taylor <[email protected]> wrote:
> > On 2/21/21 3:23 PM, Grant Taylor wrote:
> > > Will someone please explain why the Gentoo AMD64 Handbook ~> Gentoo (at
> > > large) says to add the local host name to the 127.0.0.1 (or ::1) entry
> > > in the /etc/hosts file?  What was the thought process behind that?
> > 
> > Shameless Bump  --  I'm still interested in understanding the logic
> > behind the choice in the Gentoo Handbook.
> > 
> > Additional information.
> > 
> > The Samba Wiki states the following in the Preparing the Installation
> > section of the Setting up Samba as an Active Directory Domain Controller
> > document.
> > 
> > "The host name and FQDN must not resolve to the 127.0.0.1 IP address or
> > any other IP address than the one used on the LAN interface of the DC."
> > 
> > Link - Setting up Samba as an Active Directory Domain Controller -
> > Preparing the Installation
> > 
> >   - https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Preparing_the_Installation
> 
> 
> AND
> 
> [quote]
> I'm reading Kerberos - The Definitive Guide[1] and it makes the
> following comment:
> > And to make matters worse, some Unix systems map their own hostname
> > to 127.0.0.1 (the loopback IP address).
> 
> [/quote]
> 
> Caveat - not an expert, just my meager understanding:
> 
> 1) The name 'localhost' is historically for developers who want to access
> their own machine _without_ using DNS.
> 
> 2) By general practice sometime in the deep, dark times 127.0.0.1 was
> accepted for this purpose. There's nothing special about the address.
> 
> 3) I read the original quoted comment in the Kerberos Guide as a warning -
> 'to make matters worse, __SOME__'
> 
> 4) In my /etc/hosts I do _NOT_ map my machine's name to the same address as
> localhost, avoiding the Kerberos warning:
> 
> mark@science:~$ cat /etc/hosts
> 127.0.0.1       localhost
> 127.0.1.1       science
> 
> # The following lines are desirable for IPv6 capable hosts
> 
> ::1     ip6-localhost ip6-loopback
> 
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> mark@science:~$ ping localhost
> PING localhost (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.032 ms
> 
> mark@science:~$ ping science
> PING science (127.0.1.1) 56(84) bytes of data.
> 64 bytes from science (127.0.1.1): icmp_seq=1 ttl=64 time=0.032 ms
> 
> mark@science:~$ hostname
> science
> mark@science:~$ hostname -I
> 192.168.86.42
> mark@science:~$ hostname -A
> science.lan
> mark@science:~$ hostname -f
> science
> mark@science:~$ hostname -i
> 127.0.1.1
> mark@science:~$

I think this is relevant to DNS resolution of/with domain controllers and may 
depend on the AD/DC topology.  The idea is to use the LAN address of the box 
as the first address in /etc/hosts and use 127.0.0.1 as the second address in 
the file.  If more AD/DNS servers exist in the network, then 127.0.0.1 could 
be even further down the list.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10)?redirectedfrom=MSDN

I haven't over-thought this and there may be more to it, but in a pure Linux
environment I expect this would not be a requirement, hence the handbook
approach.

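Added example, not part of the original thread: a Python check of the Samba Wiki rule quoted above against the text of an /etc/hosts file. It flags any entry that maps the host name or FQDN to a loopback address or to anything other than the LAN address. The function names and sample files are constructed for illustration (using the `science` / `192.168.86.42` values from the session above), and the check covers only the hosts file, not DNS or other NSS sources.

```python
import ipaddress


def parse_hosts(text):
    """Yield (address, [names]) per hosts entry, skipping comments and blanks."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: ignore the line
        yield addr, [name.lower() for name in fields[1:]]


def check_dc_names(hosts_text, names, lan_ip):
    """Return (name, address, reason) for every entry that breaks the rule.

    An empty list means no hosts entry maps the given names to loopback
    or to an address other than lan_ip.
    """
    lan = ipaddress.ip_address(lan_ip)
    wanted = {n.lower() for n in names}
    findings = []
    for addr, entry_names in parse_hosts(hosts_text):
        for name in entry_names:
            if name not in wanted:
                continue
            if addr.is_loopback:  # all of 127.0.0.0/8 and ::1
                findings.append((name, str(addr), "loopback"))
            elif addr != lan:
                findings.append((name, str(addr), "not the LAN address"))
    return findings


# Constructed samples: the layout posted above, a handbook-style layout,
# and a layout with the LAN address carrying the host name and FQDN.
POSTED = "127.0.0.1 localhost\n127.0.1.1 science\n::1 ip6-localhost ip6-loopback\n"
HANDBOOK = "127.0.0.1 science localhost  # host name on the loopback line\n"
DC_STYLE = "192.168.86.42 science.lan science\n127.0.0.1 localhost\n"

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("handbook", HANDBOOK), ("dc", DC_STYLE)):
        print(label, check_dc_names(text, ["science", "science.lan"], "192.168.86.42"))
```
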