Mailinglist Archive: opensuse-security (34 mails)

< Previous Next >
Re: [opensuse-security] nss-mdns and SuSEfirewall2
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Tue, 14 Oct 2008 09:01:59 +0200
  • Message-id: <200810140902.00811.ludwig.nussel@xxxxxxx>
Michael Ströder wrote:
Jan Ritzerfeld wrote:
Am Mittwoch, 24. September 2008 schrieb Ludwig Nussel:
Jan Ritzerfeld wrote:
However, the strange part for me is that "avahi-resolve -n
KY623B6B.local" works fine. The summary of nss-mdns tells me that it
would use a running avahi deamon. I have a avahi deamon running, but
nss-mdns tries to resolve the name via mdns by itself. And failes,
because of the firewall.
try "echo mdns off >> /etc/host.conf". There is a patch in glibc
that make glibc itself resolve the .local zone instead of using

Oh, I assumed that this patch was replaced/obsoleted by nss-mdns. Wouldn't
it be a good idea either to add "mdns off" when installing nss-mdns
automatically, or to remove the glibc patch?

I'd also prefer if the default configuration wouldn't ship with this
LINK_LOCAL and MDNS crap. At least a checkbox in the network
configuration to switch it off easily.

Well, file a bug report (enhancement). On 11.1 the glibc mdns patch is disabled
AFAIK. The mdns_minimal module relies on avahi so stopping the avahi daemon
should be sufficient to disable mdns. OTOH avahi does at least have
a cache for positive name lookups so I'd expect less problems due to


(o_ Ludwig Nussel
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >