On Mi, 15.04.20 09:36, Florian Weimer (fweimer(a)redhat.com) wrote:
> * Michael Catanzaro:
>
> > On Tue, Apr 14, 2020 at 8:48 pm, Zbigniew Jędrzejewski-Szmek
> > <zbyszek(a)in.waw.pl> wrote:
> >> I guess the lesson here is the nsswitch.conf change should be
> >> clarified in the proposal.
> >
> > OK, I've just added it at the end of this part here:
> >
> > "systemd-libs currently has
> > [https://src.fedoraproject.org/rpms/systemd/blob/bb79fb73875f8e71841a1ee8e...
> > a %post scriptlet] to enable nss-myhostname and nss-systemd by either
> > (a) modifying authselect's user-nsswitch.conf template, if authselect
> > is in use, or (b) directly modifying /etc/nsswitch.conf otherwise. We
> > will work with the systemd maintainers to enable nss-resolve here as
> > well by adding `resolve [!UNAVAIL=return]` to the hosts line."
>
> At which position? After files?
The suggested line in nsswitch.conf is:

    hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

See https://www.freedesktop.org/software/systemd/man/nss-resolve.html

So currently we leave "files" the way it is, taking precedence.
That said, resolved has a bus API for resolving hosts too, which gives
a bit richer an API to do things, instead of using
gethostbyname(). resolved parses and caches /etc/hosts for that
natively, so that we can serve the same set of names when going via
the bus API or via NSS.
> Does systemd-resolved cache /etc/hosts?
Yes.
Then I don't understand why we are listing files first, before resolve.
If we can handle /etc/hosts through nss_resolve, with caching, we make
progress towards replacing nscd. /etc/hosts is one of the things not
handled by sssd, so one of the remaining gaps would be covered.
Thanks,
Florian