[opensuse-factory] getent hosts localhost -> ::1
HI! After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts: # getent hosts localhost ::1 localhost Relevant lines from /etc/hosts attached below. How can I disable that without completely switching off IPv6? Ciao, Michael. ----------------- bite here ----------------- 127.0.0.1 localhost # special IPv6 addresses ::1 localhost6 ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Michael Strc3b6der wrote:
HI!
After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts:
# getent hosts localhost ::1 localhost
I see the same, but in 20200229. Actually, also in 42.3 :-) -- Per Jessen, Zürich (7.9°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 3/6/20 3:41 PM, Per Jessen wrote:
Michael Strc3b6der wrote:
After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts:
# getent hosts localhost ::1 localhost
I see the same, but in 20200229. Actually, also in 42.3 :-)
How does the content of your /etc/hosts look like? Ciao, Michael. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Michael Strc3b6der wrote:
On 3/6/20 3:41 PM, Per Jessen wrote:
Michael Strc3b6der wrote:
After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts:
# getent hosts localhost ::1 localhost
I see the same, but in 20200229. Actually, also in 42.3 :-)
How does the content of your /etc/hosts look like?
Just like yours - this is from my 42.3 laptop : 127.0.0.1 localhost # special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts -- Per Jessen, Zürich (4.9°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
07.03.2020 12:19, Per Jessen пишет:
Michael Strc3b6der wrote:
On 3/6/20 3:41 PM, Per Jessen wrote:
Michael Strc3b6der wrote:
After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts:
# getent hosts localhost ::1 localhost
I see the same, but in 20200229. Actually, also in 42.3 :-)
How does the content of your /etc/hosts look like?
Just like yours
No, you have ::1 for localhost and Michael does not.
- this is from my 42.3 laptop :
127.0.0.1 localhost
# special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback ^^^^^^^^^^^^^^^^^^^^^^^^^^^
that is where it comes from in your case.
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Andrei Borzenkov wrote:
07.03.2020 12:19, Per Jessen пишет:
Just like yours
No, you have ::1 for localhost and Michael does not.
- this is from my 42.3 laptop :
127.0.0.1 localhost
# special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback ^^^^^^^^^^^^^^^^^^^^^^^^^^^
that is where it comes from in your case.
I have to go see my optometrist, need better glasses, I only see what I want to see :-) -- Per Jessen, Zürich (6.8°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, 6 Mar 2020 15:03, Michael Ströder <michael@...> wrote:
HI!
After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts:
# getent hosts localhost ::1 localhost
Relevant lines from /etc/hosts attached below.
How can I disable that without completely switching off IPv6?
Ciao, Michael.
The magic you are looking for happens in {/,/usr/}etc/gai.conf see man page "man 5 gai.conf" - it comes with the glibc package relevant part of gai.conf: <snip before> # precedence <mask> <value> # Add another rule to the RFC 3484 precedence table. See section 2.1 # and 10.3 in RFC 3484. The default is: # <snip> #precedence ::ffff:0:0/96 10 # # For sites which prefer IPv4 connections change the last line to # precedence ::ffff:0:0/96 100 <snip after> if you just want to modify localhost use a more limiting selector: precedence ::ffff:127.0.0.0/104 100 Have a nice weekend, - Yamaban
06.03.2020 21:19, Yamaban пишет:
On Fri, 6 Mar 2020 15:03, Michael Ströder <michael@...> wrote:
HI!
After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts:
# getent hosts localhost ::1 localhost
Relevant lines from /etc/hosts attached below.
How can I disable that without completely switching off IPv6?
Ciao, Michael.
The magic you are looking for happens in {/,/usr/}etc/gai.conf
No, it does not. getent hardcodes IPv6 address first - if IPv6 address is found, it is returned. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
06.03.2020 17:03, Michael Ströder пишет:
HI!
After upgrade to Tumbleweed 20200304 host name localhost insists on IPv6 address no matter what's in /etc/hosts:
# getent hosts localhost ::1 localhost
Relevant lines from /etc/hosts attached below.
You are aware that Linux is using /etc/nsswitch.conf to decide where to lookup name-to-address mapping, are not you? So /etc/hosts is relevant only to the extent that there is no IPv6 localhost entry. getent tries to find IPv6 address first. One of your configured NSS backends returns ::1 for localhost. It is up to you to find out which NSS backend does it. If you are truly interested, start with removing them one by one until localhost becomes IPv4 again.
How can I disable that without completely switching off IPv6?
It is completely to unrelated whether IPv6 is active in kernel.
Ciao, Michael.
----------------- bite here ----------------- 127.0.0.1 localhost
# special IPv6 addresses ::1 localhost6 ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Mär 06 2020, Michael Ströder wrote:
# getent hosts localhost
getent hosts uses gethostbyname, which is an obsolete interface. You should use getent ahosts instead. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 3/9/20 10:13 AM, Andreas Schwab wrote:
On Mär 06 2020, Michael Ströder wrote:
# getent hosts localhost
getent hosts uses gethostbyname, which is an obsolete interface. You should use getent ahosts instead.
Hmm, even more confusing (but thanks for the hint)... $ getent ahosts localhost 127.0.0.1 STREAM localhost 127.0.0.1 DGRAM 127.0.0.1 RAW $ getent hosts localhost ::1 localhost Background of my question: I'm using ISC dhcpd (IPv4 mode) with LDAP backend. In the dhcpd.conf I used: ldap-server "localhost"; After recent Tumbleweed upgrade this did not work anymore. Replacing it with using the IPv4 address works: ldap-server "127.0.0.1"; I think the issue was caused by the unbound update. The DNS recursor is now returning IPv4 and IPv6 addresses for localhost: $ host localhost. localhost has address 127.0.0.1 localhost has IPv6 address ::1 In theory ISC dhcpd should have been able to connect to ldap://::1 but it did not work. I have to dig a bit deeper... Ciao, Michael. P.S.: Yes, I know kea. But it does not support LDAP server as backend yet. No, for now I don't want to migrate. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Mon, Mar 9, 2020 at 6:29 AM Michael Ströder <michael@stroeder.com> wrote:
getent hosts uses gethostbyname, which is an obsolete interface. You should use getent ahosts instead.
Hmm, even more confusing (but thanks for the hint)...
Yes, it will get worse if you dig further.
Replacing it with using the IPv4 address works:
ldap-server "127.0.0.1";
I think the issue was caused by the unbound update. The DNS recursor is now returning IPv4 and IPv6 addresses for localhost:
So you are hitting another issue.. queries of name localhost shouldn't even go there in the first place..they shouldn't leak anywhere..should not be asked to the network.. unfortunately nothing mandates this behaviour *yet*.
$ host localhost. localhost has address 127.0.0.1 localhost has IPv6 address ::1
great. the resolver should return NXDOMAIN for that...like google does.. drill localhost@8.8.8.8 ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 6257... however this is an issue in debate.
In theory ISC dhcpd should have been able to connect to ldap://::1 but it did not work.
I have to dig a bit deeper...
is ldap even listening on ipv6 in the first place ? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
09.03.2020 14:49, Cristian Rodríguez пишет:
So you are hitting another issue.. queries of name localhost shouldn't even go there in the first place..they shouldn't leak anywhere..should not be asked to the network..
bor@bor-Latitude-E5450:~$ dig localhost any ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> localhost any ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24546 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;localhost. IN ANY ;; ANSWER SECTION: localhost. 0 IN A 127.0.0.1 localhost. 0 IN AAAA ::1 ;; Query time: 18 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Mar 09 15:04:47 MSK 2020 ;; MSG SIZE rcvd: 82 bor@bor-Latitude-E5450:~$ Welcome to the wonderful world of systemd-resolved ... -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Mon, Mar 9, 2020 at 9:06 AM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Welcome to the wonderful world of systemd-resolved ...
It actually never asks the network for that name, answers for name localhost are hardcoded in the daemon so queries never leave the local system (resolved does not answer queries from anywhere but those from packets recieved in the lo interface, not just having source or destination 127.0.0.1 or ::1) They shouldn't even reach systemd-resolved..resolv should have that hardcoded and do not ask anywhere else, again this is not required by any standard but should be there for sanity..browsers among other things trust localhost to always be the local machine..dns could tell otherwise. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/03/2020 13.06, Andrei Borzenkov wrote:
09.03.2020 14:49, Cristian Rodríguez пишет:
So you are hitting another issue.. queries of name localhost shouldn't even go there in the first place..they shouldn't leak anywhere..should not be asked to the network..
bor@bor-Latitude-E5450:~$ dig localhost any
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> localhost any ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24546 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;localhost. IN ANY
;; ANSWER SECTION: localhost. 0 IN A 127.0.0.1 localhost. 0 IN AAAA ::1
;; Query time: 18 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Mar 09 15:04:47 MSK 2020 ;; MSG SIZE rcvd: 82
bor@bor-Latitude-E5450:~$
Welcome to the wonderful world of systemd-resolved ...
cer@Telcontar:~> dig localhost any ; <<>> DiG 9.11.2 <<>> localhost any ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40349 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;localhost. IN ANY ;; ANSWER SECTION: localhost. 0 IN A 127.0.0.1 localhost. 0 IN AAAA ::1 ;; Query time: 1 msec ;; SERVER: 192.168.1.16#53(192.168.1.16) <=========== another machine in the LAN. ;; WHEN: Mon Mar 23 13:35:12 CET 2020 ;; MSG SIZE rcvd: 82 cer@Telcontar:~> -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 3/9/20 1:06 PM, Andrei Borzenkov wrote:
Welcome to the wonderful world of systemd-resolved ...
Being the original poster in this thread I'd like to note that systemd-resolved is not even installed on the system. Ciao, Michael. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
23.03.2020 15:56, Michael Ströder пишет:
On 3/9/20 1:06 PM, Andrei Borzenkov wrote:
Welcome to the wonderful world of systemd-resolved ...
Being the original poster in this thread I'd like to note that systemd-resolved is not even installed on the system.
So where does it come from in your case? To remind what I said:
One of your configured NSS backends returns ::1 for localhost. It is up to you to find out which NSS backend does it.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 3/23/20 2:35 PM, Andrei Borzenkov wrote:
23.03.2020 15:56, Michael Ströder пишет:
On 3/9/20 1:06 PM, Andrei Borzenkov wrote:
Welcome to the wonderful world of systemd-resolved ...
Being the original poster in this thread I'd like to note that systemd-resolved is not even installed on the system.
So where does it come from in your case?
From unbound.
There was an unbound update during that time. Ciao, Michael. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
23.03.2020 16:56, Michael Ströder пишет:
On 3/23/20 2:35 PM, Andrei Borzenkov wrote:
23.03.2020 15:56, Michael Ströder пишет:
On 3/9/20 1:06 PM, Andrei Borzenkov wrote:
Welcome to the wonderful world of systemd-resolved ...
Being the original poster in this thread I'd like to note that systemd-resolved is not even installed on the system.
So where does it come from in your case?
From unbound.
There was an unbound update during that time.
Funny. According to git blame, unbound should have been returning ::1 for localhost for at least 13 years by now. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 3/24/20 6:17 AM, Andrei Borzenkov wrote:
23.03.2020 16:56, Michael Ströder пишет:
On 3/23/20 2:35 PM, Andrei Borzenkov wrote:
23.03.2020 15:56, Michael Ströder пишет:
On 3/9/20 1:06 PM, Andrei Borzenkov wrote:
Welcome to the wonderful world of systemd-resolved ...
Being the original poster in this thread I'd like to note that systemd-resolved is not even installed on the system.
So where does it come from in your case?
From unbound.
There was an unbound update during that time.
Funny. According to git blame, unbound should have been returning ::1 for localhost for at least 13 years by now.
I'm also not 100% sure. That's why I wrote "I have to dig a bit deeper..." before [1]. Ciao, Michael. [1] https://lists.opensuse.org/opensuse-factory/2020-03/msg00105.html -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday 2020-03-09 12:49, Cristian Rodríguez wrote:
So you are hitting another issue.. queries of name localhost shouldn't even go there in the first place..they shouldn't leak anywhere..should not be asked to the network.. unfortunately nothing mandates this behaviour *yet*.
$ host localhost. localhost has address 127.0.0.1 localhost has IPv6 address ::1
great. the resolver should return NXDOMAIN for that...like google does..
I also have a CPE which returns data for localhost. (Better to have it than to lack it?) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (8)
-
Andreas Schwab -
Andrei Borzenkov -
Carlos E. R. -
Cristian Rodríguez -
Jan Engelhardt -
Michael Ströder -
Per Jessen -
Yamaban