Github messages for voidlinux
From: ahesford <ahesford@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Closed]: base-files: fix mdns ordering in nsswitch.conf
Date: Fri, 22 Jan 2021 05:15:50 +0100
Message-ID: <20210122041550.cZXvXaiYJumLKkw98vf2mXt4k72YbTYF3uH720TxNfI@z>
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-28038@inbox.vuxu.org>


There's a closed pull request on the void-packages repository

base-files: fix mdns ordering in nsswitch.conf
https://github.com/void-linux/void-packages/pull/28038

Description:
The current ordering of services for `hosts` in `nsswitch.conf` can lead to unreasonably long delays doing, *e.g.*, reverse DNS lookups when attempting to connect to a remote telnet host using the client in `inetutils-telnet` and `nss-mdns` is installed to allow Avahi to do mDNS lookups.

A snip from `strace telnet remotehost` shows the culprit:
```
socket(AF_UNIX, SOCK_STREAM, 0)         = 3
fcntl(3, F_GETFD)                       = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
write(3, "RESOLVE-ADDRESS XX.YY.ZZ.TT\n", 31) = 31
read(3, "-15 Timeout reached\n", 4096)  = 20
close(3)                                = 0
```
where `XX.YY.ZZ.TT` is the public IPv4 address of my NAT router. The delay between the `RESOLVE-ADDRESS` write and the `-15 Timeout reached` response is several seconds, because Avahi is using `mdns` to attempt to resolve the address to a host.

Per [upstream documentation](https://github.com/lathiat/nss-mdns/blob/master/README.md) the `mdns{,4,6}_minimal` module short-circuits the lookup for anything but `.local` domains and link-local addresses, allowing fast failing unless the name is unlikely to be found in proper DNS. The `[NOTFOUND=return]` ensures that `.local` and link-local address lookups are authoritatively handled by mDNS (if `nss-mdns` is installed and Avahi enabled), preventing DNS queries that should never succeed anyway. The full module is recalled *after* DNS to allow custom domain configuration when a result is not available over regular DNS.

This at least eliminates the telnet connection delay.

The ordering agrees with the upstream example, except I use `mdns` instead of `mdns4` because, contrary to their observation that "most mDNS responders only register local IPv4 addresses via mDNS", Avahi and other modern hosts seem to register both IPv4 and IPv6 when IPv6 networking is enabled; the `mdns` modules handle both v4 and v6 lookups.

While I was making these changes, I noticed the `myhostname` NSS module no longer seems to exist, so I dropped that from the config as well.
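
An added example, not part of the original message or the pull request: a Python check that a `hosts:` line follows the ordering described above (an `mdns*_minimal` module with `[NOTFOUND=return]` ahead of `dns`, and the full `mdns` module only after `dns`). The two sample lines and all function names are constructed for illustration; the pull request's actual diff is not shown in this message.

```python
import re

# Constructed sample lines (assumptions, not taken from the pull request's diff).
SLOW = "hosts: files mdns dns"
FAST = "hosts: files mdns_minimal [NOTFOUND=return] dns mdns"

MINIMAL = re.compile(r"^mdns[46]?_minimal$")  # mdns_minimal, mdns4_minimal, mdns6_minimal
FULL = re.compile(r"^mdns[46]?$")             # mdns, mdns4, mdns6


def parse_hosts(conf_text):
    """Return the hosts entry as [(service, [ACTION=VALUE, ...]), ...] or None."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("hosts:"):
            continue
        entries = []
        # Tokens are service names or bracketed action lists like [NOTFOUND=return].
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if tok.startswith("["):
                if entries:  # an action list applies to the service before it
                    entries[-1][1].extend(a.upper() for a in tok[1:-1].split())
            else:
                entries.append((tok, []))
        return entries
    return None


def check_mdns_order(conf_text):
    """Return a list of findings; an empty list means the ordering is as described."""
    entries = parse_hosts(conf_text)
    if entries is None:
        return ["no hosts: line found"]
    names = [name for name, _ in entries]
    dns_at = names.index("dns") if "dns" in names else len(names)
    minimal = [i for i, n in enumerate(names) if MINIMAL.match(n)]
    full = [i for i, n in enumerate(names) if FULL.match(n)]
    findings = []
    if not minimal and not full:
        return findings  # no mDNS modules configured, nothing to order
    if not minimal or minimal[0] > dns_at:
        findings.append("no mdns*_minimal module ahead of dns")
    elif "NOTFOUND=RETURN" not in entries[minimal[0]][1]:
        findings.append("mdns*_minimal lacks [NOTFOUND=return]")
    if any(i < dns_at for i in full):
        findings.append("full mdns module is consulted before dns")
    return findings
```

Pass the contents of `/etc/nsswitch.conf` to `check_mdns_order()`; each returned string names one deviation from the ordering.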
