On 8/1/23 12:41, Petr Menšík wrote:
No, I am afraid that is not the gist of that response. We still want
mdns4_minimal to be the preferred variant and others to be configurable
manually. Sadly, they are all still needed, with minimal variants
preferred.
and also --with-mdns should be possible in addition to existing 4 and 6
variants.
On 01. 08. 23 12:10, Pavel Březina wrote:
On 8/1/23 09:56, Zdenek Dohnal wrote:
Hi Pavel,
since authselect already advertises features for profiles regarding
mdns as:
--with-mdns4
--with-mdns6
it would be great if the profile feature logically matched what is
going to be enabled - --with-mdns4 will put 'mdns4' into 'hosts' in
nsswitch.conf instead of current mdns_minimal.
AFAIK from Avahi people (pemensik in CC) I wouldn't go for mdns and
mdns_minimal, because hostname->IPv6 + hostname->IPv4 address
resolutions are currently made in sequence in Avahi, so getting
the result will be unnecessarily delayed if one of them is not defined.
IIUC nss-mdns README, the main difference between mdns4 and
mdns4_minimal is /etc/mdns.allow file support, which can allow
bypassing heuristics and allows the user to do mDNS queries in conflict
with the mDNS standard (e.g. the standard specifies that only .local or .local.
domains can be used for mDNS) - although it would be great if
networks were up to the standards, it is not the case in reality. We
had this issue https://bugzilla.redhat.com/show_bug.cgi?id=2148500 ,
where an ISP injected a DNS server which defined the 'local' domain as a classic
DNS record, breaking mDNS resolution in the user's whole environment.
Fortunately Petr came up with a solution for it (now nss-mdns always does
an mDNS lookup for .local, but if there is a DNS SOA for .local and the
mDNS lookup didn't succeed, it moves to DNS), so this scenario doesn't
need mdns.allow anymore, but IMO there could be other divergence from
standards in the networks, so having the option to use mdns.allow in
default configuration is welcome.
So what I would propose:
- use mdns4/mdns6 with authselect --with-mdns4 and --with-mdns6
profile features instead of _minimal to honor name logic,
- don't use mdns/mdns_minimal - if someone wants to use it, he can
enable both features separately,
- if someone would like to use mdns4/6_minimal, he can opt-out from
authselect and update nsswitch.conf manually.
@Adam, @Petr, please let me know if there are other things to
consider or disadvantages in this.
Hi Zdenek,
the current logic is:
- with-mdns4: mdns4_minimal
- with-mdns6: mdns6_minimal
- with-mdns4 and with-mdns6? mdns_minimal
Where exactly are those variants documented? I have looked into man
authselect, but failed to find any word on mdns. How can I check how authselect
presents them, please? Anything better than command:
$ authselect list-features minimal
You want `authselect show sssd`
If I understand your message correctly, you propose to keep this logic
but use mdns4/mdns6/mdns instead of minimal and drop support for
minimal completely. Is that right?
Thanks,
Pavel
No, not at all. We want minimal variants preferred until nss-mdns is
changed significantly. Check nss-mdns issue #88 [1].
1. https://github.com/lathiat/nss-mdns/issues/88
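
An added example, not part of the thread and not authselect or nss-mdns code: a small audit of the `hosts` line in nsswitch.conf that reports which mdns module is active, whether it is a `_minimal` variant, and whether it is consulted before `dns`. The function name and the sample lines are constructed; the `reads_mdns_allow` field assumes the README behaviour described in the thread (only the non-minimal modules honour /etc/mdns.allow).

```python
import re

# mdns, mdns4, mdns6 and their _minimal counterparts, as named in the thread.
MDNS_RE = re.compile(r"^mdns([46]?)(_minimal)?$")
FAMILY = {"4": "IPv4", "6": "IPv6", "": "IPv4+IPv6"}

def audit_hosts_line(nsswitch_text):
    """Return one finding per mdns module on the 'hosts' database line."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line.startswith("hosts:"):
            continue
        # Remove action items such as [NOTFOUND=return]; keep service names.
        services = re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
        dns_pos = services.index("dns") if "dns" in services else len(services)
        findings = []
        for pos, svc in enumerate(services):
            m = MDNS_RE.match(svc)
            if not m:
                continue
            minimal = bool(m.group(2))
            findings.append({
                "module": svc,
                "family": FAMILY[m.group(1)],
                "minimal": minimal,
                # Assumption from the thread: only non-minimal modules
                # consult /etc/mdns.allow and can go beyond .local.
                "reads_mdns_allow": not minimal,
                "before_dns": pos < dns_pos,
            })
        return findings
    return []

# Constructed sample inputs (not taken from any real system).
SAMPLE_MINIMAL = """\
# constructed sample
passwd:     files sss
hosts:      files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] myhostname dns
"""
SAMPLE_FULL = "hosts: files dns mdns4   # constructed sample\n"

if __name__ == "__main__":
    for name, text in (("minimal", SAMPLE_MINIMAL), ("full", SAMPLE_FULL)):
        for f in audit_hosts_line(text):
            print(name, f)
```

A non-minimal module that also has `before_dns` set is the combination worth reviewing together with the contents of /etc/mdns.allow, since that file decides which names are answered from multicast instead of unicast DNS.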