"Roland C. Dowdeswell" <roland.dowdesw...@twosigma.com> writes:

> Note that it states "the domain name of the target host".  /etc/hosts
> doesn't contain domain names but rather host names.

The "hostname" in /etc/hosts can contain periods, and it functions like an
FQDN in practice.

> It also urges implementors to return the address records in the
> Additional Data section.  This implies, I think, the addresses are to be
> obtained by the implementor probably on the domain name server.

My understanding is that Additional Data is a performance optimization in
DNS that allows a cache to make fewer queries by anticipating some of the
questions it's likely to ask next and letting it pre-cache that data.
This information is not used by clients under normal circumstances (dig is
not a normal client); in fact, some quick searching seems to indicate that
it's often not even exposed by DNS libraries.  It's used by the cache to
answer subsequent queries (or not if you don't bother to make them).

Anyway, I think the standard question is a red herring.  You cannot look
at DNS standards to figure out whether /etc/hosts should override, because
of course /etc/hosts isn't mentioned in DNS standards because it's not
part of DNS.

I think this is pretty clearly implementation-defined.  Nothing in any
standard is going to tell you that you MUST connect to an address
specified in an A or AAAA record or you're not doing Kerberos; that's not
how standards work.  They're going to tell you that, for interop with a
site specifying Kerberos KDCs in DNS, this is the IP that the SRV record
points to and that you should connect to if you want to honor their DNS
records, which is fine; that's not what we're discussing.  What we're
discussing is whether to maintain what has become a valuable UNIX
*debugging and override* tool, which of course isn't in the scope of a
Kerberos or DNS standard for the same reason that LD_PRELOAD isn't in the
scope of a Kerberos or DNS standard.

I do see the point that people can override their /etc/krb5.conf instead,
and now that I know about this I suspect I will be able to make my systems
do the right thing, but /etc/hosts is convenient because it overrides *all
software* (as opposed to making you go hunt down some specific config file
for each piece of software).  I think not honoring it would be
unpleasantly surprising.

Russ Allbery (ea...@eyrie.org)              <http://www.eyrie.org/~eagle/>

Reply via email to