> On May 25, 2016, at 12:07 PM, Steve Dickson <SteveD@xxxxxxxxxx> wrote: > > > > On 05/25/2016 11:25 AM, Chuck Lever wrote: >> >>> On May 25, 2016, at 8:14 AM, Steve Dickson <SteveD@xxxxxxxxxx> wrote: >>> Does that even work? How can you have multiple domains >>> on the same host? >> >> Which interface is used for the TXT record query? > I'm assuming the interfaces in /etc/resolv.conf The DHCP client can change /etc/resolv.conf. >> If a system is on multiple networks with their >> own DNS services, it is possible for them to see >> a different TXT lookup result depending on which >> interfaces happen to be up when the query is done, >> and what DNS service has been set up by DHCP. > From my understand of the BIND api, which is > very limited, domain names and field names > are use to do lookups. Not interfaces. > >> >> >>> I would say we document the fact the first TXT record >>> processed is the one we go with. All others are ignored. >> >> Can that value be guaranteed to be the same after >> every boot, even in the face of things like changing >> order of interface bring-up and DHCP? > none... we are asking for a TXT record called > _nfsv4idmapdomain for from a particular domain. > why would we care what interface it comes from? The order in which interfaces initialize may control the contents of /etc/resolv.conf. >> The problem with "first TXT record processed" is that >> the order these records are processed can change, and >> thus the ID mapping domain name is potentially >> different after every boot. >> >> I think none of the automated mechanisms are 100% >> reliable in this scenario, so the best that can be >> done is to use the Domain setting in idmapd.conf. >> But admins generally ignore this and hilarity ensues. >> >> It may not be possible to solve it, but at least we >> should provide tools for tracking down the issue if >> it should occur. Maybe start by reporting the system's >> ID mapping domain setting in the system log at boot >> time, and how it was derived. > I think this is a phase two thing... Lets the the > core up and working and then go from there. Fair enough, but adding a log entry seems like it is simple enough to do as part of phase one. -- Chuck Lever -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
