On 01/22/2016 10:45 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Fri, Jan 22, 2016 at 07:06:26PM +0100, Florian Weimer wrote: >> On 01/21/2016 11:18 PM, Orion Poplawski wrote: >> >>> PS - There is some other discussion around "mymachines" which seems much more >>> problematic. I'd like to just focus on myhostname for now. The glibc >>> maintainer has indicated that he wants to wait for mymachines to be resolved, >>> but it's almost two months now and I don't see that being resolved soon. >> >> I still have philosophical objects to myhostname as well. I find it odd >> that at one end, we struggle with DNS name space hijacking, but on >> another end, we do basically the same thing: >> >> <https://github.com/systemd/systemd/issues/2026> >> >> The order in nsswitch.conf does not matter (and neither does any non-DNS >> name resolution mechanism) because if we end up having software which >> expects that “gateway” resolves to the IP address of the default >> gateway, we still have an interoperability problem. And if “gateway” is >> never intended for name resolution, why synthesize the name at all? > > It is intended as a convenient fallback mechanism, and is only supposed > to have an effect if 'gateway' is not defined in the local DNS (the > 'domain' or 'search' zones). Would it help if those limitations were > more explicit, e.g. documented in nss-myhostname(8)? I understand that the goal is that nss_myhostname will not override existing names, due to the way the NSS is configured. What I do not understand is how the the “gateway” name can be useful. As I tried to explain above, I'm not really worried about nss_myhostname overriding name resolution, but that software relies on the specific functionality of the “gateway” name provided by nss_myhostname, but *this* name is overridden by DNS (with a suitable search path) or nss_files, so that it no longer resolves to the expected address. >From my point of view, the fact that software (or the user) cannot know that “gateway” resolves to the default gateway makes the name pretty much useless. What am I missing? Florian -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
