Bug#846944: Installing libnss-resolve before libnss-mdns breaks mDNS name resolution

Alexander Kurtz alexander at kurtz.be
Sun Dec 4 14:36:52 GMT 2016 

Package: libnss-resolve
Version: 232-6
Severity: serious
Justification: Breaks another package

Hi!

A freshly installed Debian Stretch system will have a
/etc/nsswitch.conf like this (see libc-bin's postinst and/or
/usr/share/libc-bin/nsswitch.conf):

	# /etc/nsswitch.conf
	#
	# Example configuration of GNU Name Service Switch functionality.
	# If you have the `glibc-doc-reference' and `info' packages installed, try:
	# `info libc "Name Service Switch"' for information about this file.

	passwd:         compat
	group:          compat
	shadow:         compat
	gshadow:        files

	hosts:          files dns
	networks:       files

	protocols:      db files
	services:       db files
	ethers:         db files
	rpc:            db files

	netgroup:       nis

Installing libnss-resolve makes these changes:

	--- nsswitch.conf	2016-12-04 15:16:42.701978711 +0100
	+++ /etc/nsswitch.conf	2016-12-04 15:16:51.965961200
+0100
	@@ -9,7 +9,7 @@
	 shadow:         compat
	 gshadow:        files
	 
	-hosts:          files dns
	+hosts:          files resolve [!UNAVAIL=return] dns
	 networks:       files
	 
	 protocols:      db files

If the user then installs for example the "gnome" meta package, 
libnss-mdns and libnss-myhostname will be installed as well because of
these dependencies/recommendations: 

	gnome -> avahi-daemon -> libnss-mdns
	gnome -> gnome-core -> gnome-control-center -> libnss-myhostname

This results in the following hosts line:

	hosts:          files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] dns myhostname

However, because of the "[!UNAVAIL=return]" introduced with [0],
nothing after "resolve" will actually be tried. This is mostly
harmless, since "resolve" provides a superset of "dns" and
"myhostname", but it breaks mDNS as resolved currently does not resolve
mDNS names like "foo.local".

Please note, that

 a) This bug depends on the order of package installations. Installing 
    libnss-resolve *AFTER* everything else will avoid the problem.
 b) I think the rationale for the change made in [0] is sound, so
    simply reverting the change is not a solution.

IMHO the best solution would be to

 a) Activate the mDNS support in resolved [1] if possible.
 b) Talk to the GNOME/Avahi maintainers and make them recommend libnss-
    resolve instead of the others
 c) Eventually remove libnss-mdns and libnss-myhostname from Debian
    as both aren't really maintained anymore and have been superseded
    by libnss-resolve.

Best regard

Alexander Kurtz

[0] https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5e0095416366eb86590d6e31242097ded5201b3a
[1] https://github.com/systemd/systemd/blob/master/src/resolve/resolved-mdns.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20161204/47a7b058/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list