
Bug#351990: marked as forwarded (mDNS should not be in /etc/nsswitch.con

Subject: Bug#351990: marked as forwarded mDNS should not be in /etc/nsswitch.conf by default
From: Debian Bug Tracking System
Date: Wed, 08 Feb 2006 16:04:26 -0800
Your message dated Thu, 9 Feb 2006 00:58:49 +0100 (CET)
with message-id <[email protected]>
has caused the Debian Bug report #351990,
regarding mDNS should not be in /etc/nsswitch.conf by default
to be marked as having been forwarded to the upstream software
author(s) Joey Hess <[email protected]>.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: base-files: What to do with /etc/nsswitch.conf?
From: Santiago Vila
Date: Thu, 9 Feb 2006 00:58:49 +0100 CET
Sorry to everybody involved for my delay in processing this bug.

I'm forwarding it to Joey Hess, who proposed the current status.

Anand Kumria <[email protected]> writes in Bug#348578:

---------- Forwarded message ----------
Date: Wed, 18 Jan 2006 06:32:51 +1100
Subject: base-files: changes order of mDNS in /etc/nsswitch.conf

Package: base-files
Version: 3.1.9
Severity: important


Currently /etc/nsswitch.conf has the line:

hosts:          files dns mdns

However in a recent discussion with the KDE group, both the mdns
upstream (Lennart) and myself believe the order should be:

hosts:          files mdns dns

        - a DNS server should never see a '.local' zone
        (by default, libnss-mdns only looks there)
        - mdns will respond faster than a DNS server can for .local

Unlike Joey Hess (CC'd) I have not tested what, if any, impact this will
have (as per #324954) should libnss-mdns not be installed.

Also I note that Lennart would prefer:

hosts:          files mdns4 dns

But I believe we should not limit link-local multicast name resolution
to only IPv4.

I've CC'd a number of you for further discussion in case you believe
this change should not take effect or my reasoning to be flawed.

Lennart Poettering <[email protected]> writes in Bug#348580:

---------- Forwarded message ----------
Since base-files 3.1.8 /etc/nsswitch.conf contains support for
libnss-mdns out of the box:

  hosts: files dns mdns

I don't think this line is a good idea, because this way lookups for a
.local host are first issued using normal unicast DNS. This lookup,
however, will almost certainly fail and thus result in useless traffic
and a superfluous delay when accessing a slow DNS server.

Instead I would like to suggest to reverse the order of "dns" and
"mdns". This is not a security risk because the default configuration
of libnss-mdns doesn't allow host name lookups for hosts outside

In addition I would like to suggest to use the IPv4-only module of
libnss-mdns because looking up IPv6 addresses of a host which only
publishes IPv4 addresses will cause an extra timeout delay of three
seconds. All Macs, and all HOWL running machines publish only IPv4
addresses by default. Hosts running Avahi are the only exception right

In summary, the following line is what I would like to propose:

  hosts: files mdns4 dns

(As a side note: I am the upstream maintainer of libnss-mdns, that's
why this came to my attention)
---------- End Forwarded message ----------

and later:

---------- Forwarded message ----------

A quick addendum to the order issue:

If the order of "mdns" and "dns" is swapped in nsswitch.conf, reverse
host name lookups will always be tried first with multicast DNS --
which will fail in most cases, and thus adds a 3s delay to most calls
to gethostbyaddr(), which is unacceptable.

A possible solution is to split nss-mdns into two separate modules,
one which does just host->address lookups, and the other which does
address->host lookups. That way it is possible to specify the order
"mdns dns mdns_reverse". However, for this split to happen nss-mdns
needs some work, and this is currently not a top priority on my TODO

Hence, please do *NOT* swap the order of the two modules.

However, I still believe you should replace "mdns" with "mdns4",
therefore I am not closing this bug report.


and now Ricardo T. Muggli <[email protected]> writes in Bug#351990:

---------- Forwarded message ----------

Since libnss-mdns is not part of the base, references to it should not be in
base. The hosts line of /etc/nsswitch.conf should be changed to:

hosts:          files dns

If the hosts: line in /etc/nsswitch.conf contains mdns and libnss-mdns is not
installed a program will waste time trying to find the libnss_mdns library.

Maybe when libnss-mdns is installed it should add this entry to
/etc/nsswitch.conf. However there are still some pitfalls with having mdns
enabled. If libnss-mdns is installed and you try to resolve an ip address that
does not exist in the DNS you will get about a 5 second delay. This happens
because it has to wait for the timeout on the /var/run/avahi-daemon/socket -
while avahi-daemon is trying to do a MDNS lookup.

---------- End Forwarded message ----------

Since it was you who suggested this change, I am all ears for your
advice on this.

I am seriously considering what Ricardo suggests, namely, keeping
things as they initially were, and giving explicit permission to
libnss-mdns to change /etc/nsswitch.conf even if it's a conffile owned
by another package. I am also considering to make that file an
in-the-first-install, as it happens with /etc/profile or /root/.profile,
in case it helps.


--- End Message ---
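
The concerns raised in the forwarded reports can be checked mechanically against a given `hosts:` line. The following is an added example, not code from the thread or from base-files or libnss-mdns; the function names, finding labels, and sample files are constructed here, and the set of loadable NSS services is assumed to be supplied by the caller.

```python
import re

# Constructed sample files: the hosts lines discussed in the thread.
SHIPPED = "passwd: compat\nhosts:          files dns mdns\n"
SWAPPED = "hosts:          files mdns dns   # order proposed in Bug#348578\n"
IPV4_ONLY = "hosts: files mdns4 dns\n"
PLAIN = "hosts:          files dns\n"

def hosts_sources(conf_text):
    """Return the ordered NSS service names on the hosts: line."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop [STATUS=action] items; they are not service names.
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def audit_hosts(conf_text, installed):
    """Return (service, finding) pairs for the concerns raised in the thread.

    installed: set of service names the audited host can actually load
    (assumed input, e.g. derived from the libnss_<name> libraries present).
    """
    sources = hosts_sources(conf_text)
    findings = []
    for pos, name in enumerate(sources):
        if name not in installed:
            # Bug#351990: time is wasted searching for the missing library.
            findings.append((name, "module-missing"))
        if name.startswith("mdns") and "dns" in sources:
            if pos < sources.index("dns"):
                # Addendum to Bug#348580: reverse lookups wait on multicast.
                findings.append((name, "reverse-lookups-hit-mdns-first"))
            else:
                # Bug#348578/#348580: .local queries reach the DNS server.
                findings.append((name, "local-names-hit-unicast-dns-first"))
        if name == "mdns":
            # Bug#348580: IPv6 lookups of IPv4-only hosts add a timeout.
            findings.append((name, "also-queries-ipv6"))
    return findings

if __name__ == "__main__":
    base = {"files", "dns"}  # constructed: a system without libnss-mdns
    for label, text in [("shipped", SHIPPED), ("swapped", SWAPPED),
                        ("ipv4-only", IPV4_ONLY), ("plain", PLAIN)]:
        print(label, audit_hosts(text, base))
```
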