"Roland C. Dowdeswell" <roland.dowdesw...@twosigma.com> writes:

> Note that it states "the domain name of the target host". /etc/hosts
> doesn't contain domain names but rather host names.

The "hostname" in /etc/hosts can contain periods, and it functions like an FQDN in practice.

> It also urges implementors to return the address records in the
> Additional Data section. This implies, I think, the addresses are to be
> obtained by the implementor probably on the domain name server.

My understanding is that Additional Data is a performance optimization in DNS that allows a cache to make fewer queries by anticipating some of the questions it's likely to ask next and letting it pre-cache that data. This information is not used by clients under normal circumstances (dig is not a normal client); in fact, some quick searching seems to indicate that it's often not even exposed by DNS libraries. It's used by the cache to answer subsequent queries (or not if you don't bother to make them).

Anyway, I think the standard question is a red herring. You cannot look at DNS standards to figure out whether /etc/hosts should override, because of course /etc/hosts isn't mentioned in DNS standards because it's not part of DNS.

I think this is pretty clearly implementation-defined. Nothing in any standard is going to tell you that you MUST connect to an address specified in an A or AAAA record or you're not doing Kerberos; that's not how standards work. They're going to tell you that, for interop with a site specifying Kerberos KDCs in DNS, this is the IP that the SRV record points to and that you should connect to if you want to honor their DNS records, which is fine; that's not what we're discussing. What we're discussing is whether to maintain what has become a valuable UNIX *debugging and override* tool, which of course isn't in the scope of a Kerberos or DNS standard for the same reason that LD_PRELOAD isn't in the scope of a Kerberos or DNS standard.

I do see the point that people can override their /etc/krb5.conf instead, and now that I know about this I suspect I will be able to make my systems do the right thing, but /etc/hosts is convenient because it overrides *all software* (as opposed to making you go hunt down some specific config file for each piece of software). I think not honoring it would be unpleasantly surprising.

-- 
Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/>
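
The precedence discussed in this thread, as an added example that is not part of the original message and not code from any Kerberos implementation: for each KDC SRV target, it reports whether a hosts-file entry would supply the address instead of the DNS address records. The hosts text, SRV targets, DNS addresses and function names are constructed for illustration, and the matching rules (case-insensitive, trailing dot ignored) are a simplifying assumption of this example rather than a description of any particular resolver library.

```python
import ipaddress

# Constructed sample data (not from the original message).
HOSTS_TEXT = """\
127.0.0.1    localhost
# debugging override for one KDC
192.0.2.10   kdc1.example.org kdc1
2001:db8::10 kdc1.example.org
not-an-ip    kdc2.example.org
"""
SRV_TARGETS = ["KDC1.example.org.", "kdc2.example.org."]
DNS_ADDRS = {"kdc1.example.org": ["198.51.100.1"], "kdc2.example.org": ["198.51.100.2"]}


def norm(name):
    # Assumption: compare case-insensitively and ignore the trailing root dot of an SRV target.
    return name.rstrip(".").lower()


def parse_hosts(text):
    """Map every name and alias in hosts-file text to its addresses, in file order."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address, skip the line
        for name in fields[1:]:
            table.setdefault(norm(name), []).append(addr)
    return table


def resolve_targets(srv_targets, hosts, dns_addrs):
    """Return (target, addresses, source) per SRV target, consulting the hosts table first."""
    out = []
    for target in srv_targets:
        key = norm(target)
        if key in hosts:
            out.append((target, hosts[key], "hosts"))
        else:
            out.append((target, dns_addrs.get(key, []), "dns"))
    return out


if __name__ == "__main__":
    for row in resolve_targets(SRV_TARGETS, parse_hosts(HOSTS_TEXT), DNS_ADDRS):
        print(row)
```

Run against a real hosts file and the site's actual SRV targets, the same comparison shows which KDC names a local override currently shadows.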