[Pkg-utopia-maintainers] Bug#1127331: libnss-mdns: mDNS resolution fails with glibc 2.41 - NSS module rejected due to missing symbols

황병주 pjhwang at gmail.com
Sat Feb 7 01:54:21 GMT 2026 

Package: libnss-mdns
Version: 0.15.1-4+b1
Severity: important
Tags: trixie

mDNS name resolution via libnss-mdns is completely broken on Debian trixie
with glibc 2.41. The NSS module is loaded but never called, causing .local
hostnames to fall through to DNS instead of being resolved via mDNS.

** Background **

glibc 2.41 changed NSS module loading to resolve all possible NSS function
symbols at load time (not just the ones relevant to the requested database).
Since libnss-mdns only provides hosts-related functions, glibc fails to find
symbols like _nss_mdns4_minimal_getpwnam_r, _nss_mdns4_minimal_getgrent_r,
etc., and marks every missing symbol as "fatal". As a result, the module is
effectively treated as UNAVAIL, and the [NOTFOUND=return] directive in
nsswitch.conf is never triggered.

** Steps to reproduce **

1. Install libnss-mdns and avahi-daemon on Debian trixie (glibc 2.41).
2. Ensure /etc/nsswitch.conf contains:
   hosts: files mdns4_minimal [NOTFOUND=return] dns
3. Have another host advertising via mDNS on the local network.
4. Run: getent hosts <hostname>.local

** Expected result **

The .local hostname is resolved via mDNS (e.g., 192.168.0.25).

** Actual result **

The hostname is resolved via DNS, returning an incorrect address (in my
case,
an ISP DNS hijacking address 218.38.137.27 instead of 192.168.0.25).

** Diagnosis **

avahi-daemon and the avahi socket work correctly:

  $ avahi-resolve -4 -n pluto.local
  pluto.local     192.168.0.25

  $ echo "RESOLVE-HOSTNAME-IPV4 pluto.local" | nc -U
/run/avahi-daemon/socket
  + 2 0 pluto.local 192.168.0.25

But NSS-based resolution bypasses mDNS entirely:

  $ getent hosts pluto.local
  218.38.137.27   pluto.local

strace confirms the .so files are loaded but no avahi socket connection is
attempted — the process goes straight to DNS:

  $ strace -e trace=openat,connect getent hosts pluto.local
  (opens libnss_mdns4_minimal.so.2 successfully)
  (opens libnss_mdns6_minimal.so.2 successfully)
  (no AF_UNIX connect to /run/avahi-daemon/socket)
  (connects to DNS server on port 53)

LD_DEBUG reveals the root cause — glibc tries to resolve all NSS functions
and marks each missing one as fatal:

  $ LD_DEBUG=symbols getent hosts pluto.local 2>&1 | grep fatal | head -5
  symbol=_nss_mdns4_minimal_endaliasent; ... undefined symbol (fatal)
  symbol=_nss_mdns4_minimal_endetherent; ... undefined symbol (fatal)
  symbol=_nss_mdns4_minimal_endgrent; ... undefined symbol (fatal)
  symbol=_nss_mdns4_minimal_endhostent; ... undefined symbol (fatal)
  symbol=_nss_mdns4_minimal_endnetent; ... undefined symbol (fatal)

The library only exports hosts-related symbols, which is expected:

  $ nm -D /lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2 | grep ' T '
  _nss_mdns4_minimal_gethostbyaddr_r
  _nss_mdns4_minimal_gethostbyname2_r
  _nss_mdns4_minimal_gethostbyname3_r
  _nss_mdns4_minimal_gethostbyname4_r
  _nss_mdns4_minimal_gethostbyname_r

Note: The same libnss-mdns version works correctly on Ubuntu 24.04 which
ships glibc 2.39, confirming that this is a glibc 2.41 compatibility issue.

** Possible fix **

Either libnss-mdns needs to be rebuilt/patched to be compatible with glibc
2.41's new module loading behavior, or this may need to be addressed on the
glibc side as a backward compatibility regression. I'm filing against
libnss-mdns first, but please reassign to glibc if appropriate.


-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.63+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libnss-mdns depends on:
ii  libc6  2.41-12+deb13u1

Versions of packages libnss-mdns recommends:
ii  avahi-daemon  0.8-16

Versions of packages libnss-mdns suggests:
ii  avahi-autoipd  0.8-16

-- no debconf information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20260207/756468c5/attachment.htm>

More information about the Pkg-utopia-maintainers mailing list