Package: libnss-mdns
Severity: critical
Version: 0.8-6.1

Hi Loïc,

On Tuesday 02 January 2007 12:45, Loïc Minier wrote:
> > package libnss-mdns
> > found 392813 0.8-6.1
>
> I would prefer you to open a separate bug report or perhaps we can
> clone this one for now.

Done.

>
> Now to get to your particular problem:
> > Update from 0.8-6 to 0.8-6.1 broke DNS for me again. libnss-mdns
> > must not edit nsswitch.conf if "local" exists in the "search"
> > line in resolv.conf or remove the "local" or at least give some
> > warning.
>
> It seems to me your site is using the .local TLD; this is sadly an
> inherently problematic situation in combination with mDNS and you
> should consider changing to a different TLD if you want to use
> mDNS. I imagine this might not be an easy thing to achieve, and we
> have built a workaround in the nss-mdns + avahi-daemon packages to
> "support" these situations (by disabling mDNS lookups).
>
> The solution you describe might sound like a good thing to do for
> setups similar to yours, but the problem is a bit more complex
> once you start considering roaming laptops which attach to
> different networks, which might or might not use the .local TLD.
>
> Since version 0.8-6.1, nss-mdns is configured to systematically
> contact avahi-daemon for mDNS lookups; if avahi-daemon isn't
> running, the lookup should fail fast. avahi-daemon ships an
> ifupdown hook since version 0.6.16-1 which will disable
> avahi-daemon when a .local TLD is detected.
>
> The intent of this layout is to check for the existence of a
> .local TLD after each change in the DNS (which will typically
> involve a networking change).
>
> Stefan, could you report the version of avahi-daemon you had when
> you experienced the bug? Is the bug still present in version
> 0.6.16-1? If the bug is still present, could you check whether the
> ifupdown avahi hook works as expected? This can be achieved by
> reporting the output of:
> host -t soa local.
>
> Perhaps the test needs to be enhanced to match your particular
> configuration; I imagine this can be caused by .local entries in
> your /etc/hosts but no real .local DNS zone at your DNS server.
>
> You might also find this page of interest to understand the
> problem: http://avahi.org/wiki/AvahiAndUnicastDotLocal

When I did the upgrade I had avahi-daemon 0.6.15-2 installed. The
problem is still there with avahi-daemon 0.6.16-1, when I change
nsswitch.conf to the configuration added by libnss-mdns.

I don't use .local TLD anymore, but I used it in the past, so that the
entry in the resolv.conf was still there. The "search local" entry
*alone* prevents DNS from working, it is not necessary to have .local
anywhere in DNS or /etc/hosts.

It is absolutely no problem for me to change my configuration but this
case should be handled somehow (ask to change resolv.conf, not modify
nsswitch.conf, add hint to release notes, ...) because the problem is
very difficult to find if you update a lot of packages and then can't
google for a solution. (Therefore severity critical)

Some more thoughts:

- dnsmasq which is used on the openWRT routers by default will not
  return SOA records, even if it serves A records:

    $ host x.lan
    x.lan has address 10.1.2.3
    $ host -t SOA lan.
    lan has no SOA record

  Maybe there would be a problem if someone has configured addresses
  for .local hostnames on such a router. (But maybe it just means that
  the unicast .local hostnames would not be found anymore?)

- if you check for "search local" in /resolv.conf, don't forget that
  there can be several domains in one line and "domain" works like
  "search" (IIRC)

- maybe an entry in the release notes would be a good idea in any
  case, even if you handle the "search local" case, because there
  might be other corner cases where DNS breaks. People should either
  remove everything with .local from
  {DNS,/etc/hosts,/etc/resolv.conf} or uninstall libnss-mdns (or
  avahi-daemon?).

- I consider it very unexpected behaviour for a package to modify a
  file in /etc without asking. Policy 10.7.3 says: "local changes must
  be preserved during a package upgrade". After the upgrade to 0.8-5 I
  changed nsswitch.conf to not use mdns but my change was overwritten
  on upgrade to 0.8-6.1. Maybe a debconf note or NEWS.Debian entry
  would be in order. Or maybe libnss-mdns should remember that it
  changed nsswitch.conf once already and not touch it again.

Cheers,
Stefan
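
The resolv.conf check suggested in the message above (several domains on one line, "domain" treated like "search"), as an added example that is not part of the original message or of the libnss-mdns or avahi-daemon packages. The function names are hypothetical, the sample file is constructed, and the last-instance-wins rule comes from resolv.conf(5).

```shell
#!/bin/sh
# Added example: decide whether the effective resolv.conf search list
# contains the "local" domain. Function names are hypothetical.

# Print the effective search list, one domain per line.
# Per resolv.conf(5), "domain" and "search" are mutually exclusive and
# the last instance of either keyword wins. Keywords must start the
# line, so commented-out entries ("#search local") never match.
effective_search_domains() {
    awk '
        /^(search|domain)[ \t]/ {
            list = ""
            for (i = 2; i <= NF; i++) list = list $i "\n"
        }
        END { printf "%s", list }
    ' "$1"
}

# Return 0 if any effective search domain is "local" or ends in
# ".local" (case-insensitive, optional trailing dot), 1 otherwise.
search_list_has_local() {
    effective_search_domains "$1" |
        tr 'A-Z' 'a-z' |
        sed 's/\.$//' |
        grep -Eq '(^|\.)local$'
}

# Constructed sample: a stale "local" left among several search domains.
sample=$(mktemp)
printf 'domain example.org\nsearch example.org local\nnameserver 192.0.2.1\n' > "$sample"
if search_list_has_local "$sample"; then
    echo "resolv.conf search list contains .local: warn before enabling mdns"
fi
rm -f "$sample"
```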