On Mon, 09 Feb 2026 at 19:49:56 +0100, Aurelien Jarno wrote:
On 2026-02-07 10:50, Simon McVittie wrote:
$ strace -e openat,connect getent hosts remnant.local
...

I think there are two issues with this command:

- You should add a final dot, so that the search is not expanded with
 the search domains from /etc/resolv.conf, which libnss-mdns obviously
 can't handle and then goes to your configured recursive DNS resolver.

Good catch, that makes sense. Yes, I confirm that with the final dot, I get one DNS resolution (which you've explained below as the SOA check for .local, rather than actually resolving remnant.local., so that's benign) followed by mDNS resolution via Avahi.

- You should use ahosts instead of hosts. hosts uses the deprecated
 gethostbyname2() interface, which does explicit lookups with AF_INET
 and AF_INET6. The latter is not supported given your nsswitch.conf.

I agree that `getent ahosts` is a better choice than `getent hosts`, because it replicates the behaviour we'd expect from a modern application that does an AF_UNSPEC lookup.

 Alternatively you should either add mdns6_minimal entry or even better
 use mdns_minimal instead (why isn't that the default nowadays?).

mdns_minimal is intentionally not the default because it was observed to cause long delays (5+ seconds) in legacy software that implements IPv6 by doing one lookup with AF_INET6, followed by a second lookup with AF_INET only after failure of the first lookup has been reported, in the scenario where the responding host (remnant.local in my example) is IPv4-only. In that scenario, it would wait 5 seconds for an IPv6 response that will never happen, and then do a second, IPv4 query which gets a result immediately.

More modern software that does an AF_UNSPEC lookup, or AF_INET and AF_INET6 in parallel ("happy eyeballs"), would be OK with mdns_minimal, but Avahi/nss-mdns upstream specifically asked us not to make that the default. Because mDNS is inherently a local LAN protocol, the reasons to prefer IPv6 don't really apply to it: RFC1918 and RFC3927 addresses are readily available, even if globally-routable IPv4 addresses are not.

mdns6_minimal is only provided for completeness, and is basically pointless: everyone should use either mdns_minimal or mdns4_minimal.

openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0

This one is due to libnss-mdns doing a SOA lookup of the .local domain.
This is by design in libnss-mdns, which implements the heuristic
described in https://support.apple.com/en-us/HT201275. This is not
linked with glibc.

Yes, that makes sense. We can tell it's this because it happens after /etc/hosts is opened, which means it's after the "files" step in nsswitch.conf.

    smcv
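
Added example, not part of the thread and not glibc or nss-mdns code: a simplified model of how the NSS hosts chain routes a lookup per address family, showing why an AF_INET6 query for a .local name falls through to the DNS resolver under mdns4_minimal but not under mdns_minimal. The hosts line, the per-module statuses (UNAVAIL for an unsupported family, files and dns treated as not holding the name) and all function names are assumptions made for illustration.

```python
# Simplified model of glibc's NSS "hosts" chain (added example, assumptions labelled).
import re

# Address families each nss-mdns "minimal" variant answers for.
MDNS_FAMILIES = {"mdns4_minimal": {"inet"}, "mdns6_minimal": {"inet6"},
                 "mdns_minimal": {"inet", "inet6"}}
# glibc defaults: stop on SUCCESS, continue on every other status.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Return [(service, actions)] from an nsswitch.conf 'hosts:' line."""
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
        if tok.startswith("["):
            for item in tok[1:-1].split():   # e.g. NOTFOUND=return
                status, action = item.split("=")
                chain[-1][1][status.upper()] = action.lower()
        else:
            chain.append((tok, dict(DEFAULT_ACTIONS)))
    return chain

def module_status(service, name, family, host_families):
    """Assumed per-module result; host_families = families the mDNS host answers on."""
    if service in MDNS_FAMILIES:
        supported = MDNS_FAMILIES[service]
        if not name.rstrip(".").endswith(".local"):
            return "UNAVAIL"                 # assumption: minimal variants skip other names
        wanted = supported if family == "unspec" else {family} & supported
        if not wanted:
            return "UNAVAIL"                 # assumption: family this variant does not handle
        return "SUCCESS" if wanted & host_families else "NOTFOUND"
    return "NOTFOUND"                        # files/dns: name assumed absent there

def walk(line, name, family, host_families):
    """List the services consulted, in order, for one lookup."""
    consulted = []
    for service, actions in parse_hosts_line(line):
        consulted.append(service)
        if actions[module_status(service, name, family, host_families)] == "return":
            break
    return consulted

HOSTS_LINE = "hosts: files mdns4_minimal [NOTFOUND=return] dns"  # constructed sample
if __name__ == "__main__":
    for fam in ("inet6", "inet", "unspec"):
        print(fam, walk(HOSTS_LINE, "remnant.local.", fam, {"inet"}))
```

A chain that ends in `dns` for a `.local` name means the name was handed to the configured DNS resolver; search-domain expansion and the SOA heuristic discussed above are not modelled.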
