Re: Default 'fedora' hostname and failing split DNS VPN


 



On 3/24/21 11:26 PM, Michael Catanzaro wrote:

Hi,

I have a couple different ideas of what could be going wrong. Let's test a few things. First, please run:

$ cat /etc/nsswitch.conf | grep hosts | tail -1

If it is our default configuration, it should say:

hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] myhostname dns

Exactly the same output, nsswitch.conf is pointing to /etc/authselect/nsswitch.conf default


Now, see what happens if you disable systemd-resolved:

$ sudo systemctl stop systemd-resolved.service

This doesn't properly disable systemd-resolved. There is a DNS resolution error or two and then the service is autostarted (probably socket activation).

I entirely disabled it by changing dns=default in NetworkManager and renaming the /etc/resolv.conf symlink to another name.


Does the bug go away? If so, it's likely a systemd-resolved bug to be fixed. (Reenable systemd-resolved with 'sudo systemctl start systemd-resolved.service'.)

No, the bug doesn't go away. The fedora name is still searched on all search domains (traced by Wireshark) and not a simple direct local response like happens with localhost.



If the bug does NOT go away, then let's test one more thing: please edit /etc/authselect/user-nsswitch.conf as root and change the hosts line to look like this:

hosts: files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

Then run:

$ sudo authselect apply-changes

With this the bug goes away.


Does the bug go away? I think that should almost certainly "fix" it. If so, you have a good workaround, and we know the problem must be caused by avahi, and we should reconsider our NSS configuration. But if the bug does not go away after this big hammer, then it must be a Firefox/Thunderbird bug, because if they try to resolve anything that doesn't exactly match the local hostname, then of course we have to do some DNS.

Notice that it isn't a Firefox and Thunderbird issue. 'ping fedora' has these long DNS timeouts looking for fedora on the search domains. I agree that it is weird that these applications are doing lookups with the hostname, but ping should not be doing these either with fedora, exactly like localhost doesn't end up as queries on the search domains.


I'm interested to see your results,

Michael
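
The ordering check discussed in this message, as an added example that is not part of the original thread: it parses the last `hosts:` line of an nsswitch.conf and reports which modules are consulted before `myhostname`. The function names and the set of modules treated as network-touching are assumptions of this example.

```python
import re

# Assumption of this example: modules that may send a query off the host
# (multicast DNS, systemd-resolved, or the classic DNS resolver).
NETWORK_MODULES = {"mdns4_minimal", "mdns4", "mdns_minimal", "mdns",
                   "resolve", "dns"}
LOCAL_NAME_MODULE = "myhostname"


def parse_hosts_modules(text):
    """Return the ordered NSS modules from the last 'hosts:' line."""
    modules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line.startswith("hosts:"):
            continue
        spec = line[len("hosts:"):]
        # [NOTFOUND=return]-style items are actions, not modules.
        spec = re.sub(r"\[[^\]]*\]", " ", spec)
        modules = spec.split()                  # last hosts: line wins here
    return modules


def audit_hosts_order(text):
    """Report network-touching modules consulted before myhostname."""
    modules = parse_hosts_modules(text)
    if LOCAL_NAME_MODULE in modules:
        head = modules[:modules.index(LOCAL_NAME_MODULE)]
    else:
        head = modules                          # myhostname never consulted
    before = [m for m in head if m in NETWORK_MODULES]
    return {"modules": modules,
            "has_myhostname": LOCAL_NAME_MODULE in modules,
            "network_before_myhostname": before,
            "local_name_first": LOCAL_NAME_MODULE in modules and not before}


# The two hosts lines quoted in the thread.
DEFAULT_LINE = ("hosts: files mdns4_minimal [NOTFOUND=return] "
                "resolve [!UNAVAIL=return] myhostname dns")
WORKAROUND_LINE = ("hosts: files myhostname mdns4_minimal [NOTFOUND=return] "
                   "resolve [!UNAVAIL=return] dns")

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_LINE),
                        ("workaround", WORKAROUND_LINE)):
        print(label, audit_hosts_order(conf))
```

To check a real system, pass the contents of /etc/nsswitch.conf to `audit_hosts_order`.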





