[opensuse] Hardcoded .local topleveldomain?
Hi

Is the toplevel .local somewhere hardcoded in the NSS libs? There is a strange behaviour when using "getent hosts" with a .local domain in /etc/hosts. It ignores the query order defined in /etc/nsswitch.conf and searches DNS first and then files.

Compare the query times for toplevel domain .local and .lokus:

# time getent hosts something.local
123.123.123.123 something.local

real 0m15.015s
user 0m0.000s
sys 0m0.004s

# time getent hosts something.lokus
231.231.231.231 something.lokus

real 0m0.004s
user 0m0.000s
sys 0m0.004s

# time getent hosts
127.0.0.1 localhost.localdomain localhost
123.123.11.88 myhost.example.com myhost
123.123.123.123 something.local
231.231.231.231 something.lokus

real 0m0.003s
user 0m0.004s
sys 0m0.000s

An strace of getent shows that it first contacts nscd socket, waits for 5 seconds and then opens nsswitch.conf. This 3 times.

Is it a bug or a feature? It happens on Suse 10.1 and Suse 11.0.

Configuration:

# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
123.123.11.88 myhost.example.com myhost
123.123.123.123 something.local
231.231.231.231 something.lokus

# cat /etc/nsswitch.conf
passwd: files ldap
group: files ldap
hosts: files dns
networks: files
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files
bootparams: files
automount: files ldap
aliases: files

# cat /etc/resolv.conf:
nameserver 123.123.11.99
nameserver 123.123.22.88
nameserver 123.123.33.77
domain example.com
search example.com my.example.com
options ndots:1

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday, 14 October 2008, Bernd Nies wrote:
Is the toplevel .local somewhere hardcoded in the NSS libs? [...]
AFAIK it is a glibc patch. The .local domain is dedicated to multicast DNS: http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt

Regards,
Jan
--
Politicians do it to Everyone.
Jan Ritzerfeld wrote:
On Tuesday, 14 October 2008, Bernd Nies wrote:
Is the toplevel .local somewhere hardcoded in the NSS libs? [...]
AFAIK it is a glibc patch. The .local domain is dedicated to multicast DNS: http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
Interesting. That doc appears to define the top-level name ".local." as special rather than ".local" - is glibc too enthusiastic?

Cheers, Dave
On Wednesday, 15 October 2008, Dave Howorth wrote:
Jan Ritzerfeld wrote:
[...] http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
Interesting. That doc appears to define the top-level name ".local." as special rather than ".local" - is glibc too enthusiastic?
Besides what Dominique already said: http://en.wikipedia.org/wiki/FQDN

HTH
Jan
--
Appearances often are deceiving.
Hi Jan,

Jan Ritzerfeld wrote:
On Tuesday, 14 October 2008, Bernd Nies wrote:
Is the toplevel .local somewhere hardcoded in the NSS libs? [...]
AFAIK it is a glibc patch. The .local domain is dedicated to multicast DNS: http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
Thanks. Indeed an strace of "getent hosts something.local" shows that it tries to contact a multicast IP address before it times out for 5s:

08:31:25 ioctl(3, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0
08:31:25 ioctl(3, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0
08:31:25 ioctl(3, SIOCGIFFLAGS, {ifr_name="eth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
08:31:25 ioctl(3, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=2}) = 0
08:31:25 ioctl(3, SIOCGIFFLAGS, {ifr_name="vmnet8", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
08:31:25 ioctl(3, SIOCGIFINDEX, {ifr_name="vmnet8", ifr_index=3}) = 0
08:31:25 setsockopt(3, SOL_IP, IP_RECVTTL, [1], 4) = 0
08:31:25 setsockopt(3, SOL_IP, IP_MULTICAST_IF, "\0\0\0\0\0\0\0\0\2\0\0\0", 12) = 0
08:31:25 sendto(3, "\231\r\1\0\0\1\0\0\0\0\0\0\tsomething\5local\0\0\34\0"..., 33, 0, {sa_family=AF_INET, sin_port=htons(5353), sin_addr=inet_addr("224.0.0.251")}, 28) = 33
08:31:25 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
08:31:25 setsockopt(4, SOL_IP, IP_RECVTTL, [1], 4) = 0
08:31:25 setsockopt(4, SOL_IP, IP_MULTICAST_IF, "\0\0\0\0\0\0\0\0\3\0\0\0", 12) = 0
08:31:25 sendto(4, "\231\r\1\0\0\1\0\0\0\0\0\0\tsomething\5local\0\0\34\0"..., 33, 0, {sa_family=AF_INET, sin_port=htons(5353), sin_addr=inet_addr("224.0.0.251")}, 28) = 33
08:31:25 gettimeofday({1224138685, 489039}, NULL) = 0
08:31:25 poll(^C

But it ignores the lookup order defined in /etc/nsswitch.conf. It should return the entry from /etc/hosts and then stop.

I checked the command "getent hosts something.local" with an entry in /etc/hosts and hosts order "files dns" on various Unixes:

Operating System   glibc        Result
----------------------------------------------
Solaris 8          N/A          OK
Solaris 9          N/A          OK
Solaris 10         N/A          OK
RedHat ES 3u7      2.3.2        OK
RedHat ES 4u4      2.3.4-2.25   OK
SLES 9p4           2.3.3-98.94  10s delay
SLES 10p1          2.4-31.30    OK
Suse Linux 9.0     2.3.2-88     OK
Suse Linux 10.1    2.4-28       15s delay
openSUSE 11.0      2.8-14.1     15s delay

Bye,
Bernd
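Decoding the sendto() payload from the strace in the message above shows what was actually sent to 224.0.0.251:5353: an AAAA (type 28) question for something.local. This is an added example, not part of the original thread; the function names are made up here, and it parses only the 32 bytes that strace printed.

```python
import re
import struct

# Payload copied from the sendto() lines in the strace above. strace printed
# only the first 32 of the 33 bytes sent, so QCLASS is incomplete and skipped.
STRACE_PAYLOAD = r"\231\r\1\0\0\1\0\0\0\0\0\0\tsomething\5local\0\0\34\0"

QTYPES = {1: "A", 28: "AAAA"}          # address record types
SIMPLE = {"n": 10, "r": 13, "t": 9, "v": 11, "f": 12, "\\": 92, '"': 34}
OCTAL = re.compile(r"\\([0-7]{1,3})")


def strace_unescape(text):
    """Convert strace's C-style escaped string into the raw bytes."""
    out, pos = bytearray(), 0
    while pos < len(text):
        m = OCTAL.match(text, pos)
        if m:                               # octal escapes: \231, \0, \34
            out.append(int(m.group(1), 8))
            pos = m.end()
        elif text[pos] == "\\":             # named escapes: \r, \t
            out.append(SIMPLE[text[pos + 1]])
            pos += 2
        else:                               # printable character
            out.append(ord(text[pos]))
            pos += 1
    return bytes(out)


def parse_question(packet):
    """Decode the DNS header and first question (no name compression)."""
    ident, flags, qdcount = struct.unpack_from("!HHH", packet, 0)
    pos, labels = 12, []                    # question starts after the header
    while packet[pos]:                      # length-prefixed labels
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack_from("!H", packet, pos + 1)  # skip root label
    return {
        "id": ident,
        "is_query": not flags & 0x8000,
        "questions": qdcount,
        "qname": ".".join(labels),
        "qtype": QTYPES.get(qtype, str(qtype)),
    }


if __name__ == "__main__":
    print(parse_question(strace_unescape(STRACE_PAYLOAD)))
```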
Bernd Nies wrote:
Jan Ritzerfeld wrote:
On Tuesday, 14 October 2008, Bernd Nies wrote:
Is the toplevel .local somewhere hardcoded in the NSS libs? [...]
AFAIK it is a glibc patch. The .local domain is dedicated to multicast DNS: http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
which says: "Any DNS query for a name ending with ".local." MUST be sent to the mDNS multicast address (224.0.0.251 or its IPv6 equivalent FF02::FB)".
Thanks. Indeed an strace of "getent hosts something.local" shows that it tries to contact a multicast IP address before it times out for 5s: ...
But it ignores the lookup order defined in /etc/nsswitch.conf. It should return the entry from /etc/hosts and then stop.
I think the point is that the spec is new ("Multicast DNS 10th September 2008") and some systems have already implemented it whilst others haven't. Going forward, more systems will implement it and WILL send to the multicast address. AFAICT, you need to stop using ".local" and choose some other domain name.

Cheers, Dave
Hi Dave, Thanks for your reply.
http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
which says: "Any DNS query for a name ending with ".local." MUST be sent to the mDNS multicast address (224.0.0.251 or its IPv6 equivalent FF02::FB)".
Yes, this is true, but 'getent' is not DNS and must respect the lookup order defined in /etc/nsswitch.conf. The mDNS query should only come if there's no entry in /etc/hosts. It's a bug: https://bugzilla.novell.com/show_bug.cgi?id=435261

Workaround is to set "mdns off" in /etc/host.conf

Bye
Bernd
On Thu, Oct 16, 2008 at 02:23:26PM +0200, Bernd Nies wrote:
Yes, this is true, but 'getent' is not DNS and must respect the lookup order defined in /etc/nsswitch.conf. The mDNS query should only come if there's no entry in /etc/hosts. It's a bug:
Not quite, see my explanation in bugzilla.

Cheers,
Michael.

--
Michael Schroeder mls@suse.de
SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
Michael Schroeder wrote:
On Thu, Oct 16, 2008 at 02:23:26PM +0200, Bernd Nies wrote:
Yes, this is true, but 'getent' is not DNS and must respect the lookup order defined in /etc/nsswitch.conf. The mDNS query should only come if there's no entry in /etc/hosts. It's a bug:
Not quite, see my explanation in bugzilla.
Cheers, Michael.
Okay, then I choose to disable IPv6 in the setup. I guess it will be used in productive environment after I have retired in 30 years. ;-)

http://en.opensuse.org/SDB:Disabling_IPv6_completely

Bye
Bernd
man host.conf

mdns
    Valid values are on and off. If set to on, the resolv+ library treats the .local top level domain as link-local domain and sends multicast DNS requests to the multicast address 224.0.0.251 port 5353 instead of normal DNS requests. If you already use the .local domain in your nameserver configuration you will have to switch this option off. See http://www.multicastdns.org for more information on multicast DNS. on by default.

vi /etc/host.conf

mdns off
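A check for the condition discussed in this thread, as an added example that is not from the thread or from glibc: it reports which /etc/hosts names sit under .local while the mdns option is still on. The function names are hypothetical, the sample files are constructed from the configuration in the first message, and it assumes the resolv+ behaviour in the man page excerpt above (mdns on unless host.conf sets it off).

```python
# Constructed sample input, modelled on the files posted in the first message.
HOSTS = """\
127.0.0.1 localhost.localdomain localhost
123.123.11.88 myhost.example.com myhost
123.123.123.123 something.local
231.231.231.231 something.lokus
"""
NSSWITCH = "passwd: files ldap\nhosts: files dns\n"


def fields(text):
    """Yield the whitespace-separated fields of each non-comment line."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            yield words


def mdns_enabled(host_conf):
    """Per the host.conf man page excerpt: on unless 'mdns off' is set."""
    state = True
    for words in fields(host_conf):
        if len(words) == 2 and words[0] == "mdns" and words[1] in ("on", "off"):
            state = words[1] == "on"
    return state


def local_names(hosts):
    """Names in /etc/hosts whose top-level label is 'local'."""
    return [name for words in fields(hosts) for name in words[1:]
            if name.lower().rstrip(".").endswith(".local")]


def hosts_order(nsswitch):
    """Sources on the 'hosts:' line of nsswitch.conf (space after the colon)."""
    for words in fields(nsswitch):
        if words[0] == "hosts:":
            return words[1:]
    return []


def audit(hosts, nsswitch, host_conf):
    """Summarise whether lookups of the listed names would go to mDNS."""
    names, mdns = local_names(hosts), mdns_enabled(host_conf)
    return {"local_names": names, "hosts_order": hosts_order(nsswitch),
            "mdns": mdns, "mdns_lookup_expected": mdns and bool(names)}


if __name__ == "__main__":
    print(audit(HOSTS, NSSWITCH, ""))            # default host.conf
    print(audit(HOSTS, NSSWITCH, "mdns off\n"))  # workaround from the thread
```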
participants (4): Bernd Nies, Dave Howorth, Jan Ritzerfeld, Michael Schroeder