nss-myhostname resolution problem

sirarch · 2017-01-08 18:16:05

After some recent Arch updates, I am not able to resolve the machine hostname anymore. It has a host.domain set, private IP behind NAT and the public DNS servers in /etc/resolv.conf cannot resolve this name, as expected.

My understanding is that nss-myhostname should be able to do it. /etc/nsswitch.conf seems to have the correct line:
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

hostname and hostnamectl both return correct name information in "host.domain" format.

But if I try "ping host" or "ping host.domain" from the machine itself, it can't resolve to an IP.

How do I troubleshoot this, please? It seems that nss-myhostname is not doing its job and don't really want to add an entry to /etc/hosts.

Thanks for your help.

Last edited by sirarch (2017-01-08 18:18:14)

sirarch · 2017-01-08 19:12:18

It seems the culprit is "resolve" in nsswitch.conf
If I put myhostname before it, it works.

ayekat · 2017-01-08 19:37:26

Is systemd-resolved running, and does your domain happen to end with .local?

sirarch · 2017-01-08 19:42:43

Yes, systemd-resolved.service is running. No, the domain doesn't end in .local, but it's a "short" domain, e.g. host.domain = foo.bar (host=foo, domain=bar)

Even if sstemd-resoved is not running, the man page says that it should chain nss-dns, so should it go to dns, dns won't be able to resolve and go to myhostname?

Not sure I understand what "[!UNAVAIL=return]" is supposed to do.

ayekat · 2017-01-08 20:06:32

sirarch wrote:

No, the domain doesn't end in .local, but it's a "short" domain, e.g. host.domain = foo.bar (host=foo, domain=bar)

Hmm, ok. But nevertheless, try running both of these and see if both fail:

systemd-resolve host.domain
drill host.domain

(note that for `drill`, you will need the ldns package to be installed).
Also see if you can properly resolve the hostname if you stop systemd-resolved.

Even if systemd-resolved is not running, the man page says that it should chain nss-dns, so should it go to dns, dns won't be able to resolve and go to myhostname?

Yes, but I suspect the problem to be elsewhere: each source is queried in the order specified on the line, and if one source returns the status "success", glibc will stop there and return. Otherwise (for "notfound", "unavail" or "tryagain"), glibc will continue with the next source.

However...

Not sure I understand what "[!UNAVAIL=return]" is supposed to do.

resolve [!UNAVAIL=return] overrides that behaviour and makes glibc return at resolve for any status code other than "unavail". ~~I have no clue why one would want to put that into nsswitch.conf, but Arch Linux's default configuration is that way (mostly because upstream recommends it that way)~~ After reading this comment, it does make some sense to me, now. Unfortunately, there is at least one case where this breaks things: if systemd-resolved is unable to resolve an address, it will return the status "notfound", which, with that configuration, will cause glibc to simply return and not continue to dns (even if dns would be able to resolve the name).

Last edited by ayekat (2017-01-08 23:04:38)

sirarch · 2017-01-08 20:25:28

After restarting systemd-resolved, I can now resolve the *short* host, but not the FQDN:

systemd-resolve host : short WORKS
systemd-resolve host.domain : FQDN does NOT work

Now ... if I move myhostname first in nsswitch.conf (just as a test) I can resolve the FQDN, but NOT the short name, which is the opposite of the above ... argh ...

drill returns NXDOMAIN for both short and fqdn, as expected, the servers in /etc/resolv.conf don't known anything about my local names (e.g. Google DNS servers)

At this point I'm lost in all the config files and fallback rules ... so the question is what's a proper way to be able to resolve the local hostname, both short and FQDN forms, without adding a line in /etc/hosts?

Is there a way to tell resolved to do both FQDN and short for the hostname, or at least have it use a specific DNS server for a given domain (e.g. my internal domain which has a local DNS server that responds just for the internal domain)?

Last edited by sirarch (2017-01-08 20:26:22)

sirarch · 2017-01-08 20:34:51

Based on your github issue, if I take out "[!UNAVAIL=return]", it seems to work ... but I get an IPv6 address. Any way to configure it to prefer IPv4?

ayekat · 2017-01-08 21:01:00

sirarch wrote:

drill returns NXDOMAIN for both short and fqdn, as expected

Ah yes, I forgot it's about the local machine's name.

If I'm not mistaken, the FQDN should usually be returned by your (network-internal) DNS server, whereas the short hostname should be returned by your system - but I may be wrong.
Unfortunately I do not have much experience with IPv6, so I'm not quite sure how to solve that - but is it a problem? Does it work if you explicitly query for the IPv4 address?

sirarch · 2017-01-08 21:13:14

I ended up doing what I was trying to avoid: I added a line in /etc/hosts that has both the short and fqdn. Of course, that works well. All the resolve, myhostname stuff looks good on paper and it's a nice attempt to try and solve the problem in a flexible way, but unfortunately it doesn't seem to work well in practice either due to bugs or configuration that is too complicated to get right.

The IPv6 "issue" I solved by setting "LinkLocalAddressing=no" in /etc/systemd/network/wired.network which stops it from assigning an IPv6 link local to the network interface. Not sure whether this may be causing problems down the road, but it seems to do the trick for now.

Thanks a lot for all your help.

bobpaul · 2017-03-29 23:52:19

This was explained on the maillist back in Nov...

[!UNAVAIL=return]

should be changed to

[!NOTFOUND=return]

. From reading, it sounds like it's been fixed upstream, but I just installed freshly today, so clearly it hasn't reached us yet...

Last edited by bobpaul (2017-03-29 23:52:55)

Arch Linux

#1 2017-01-08 18:16:05

nss-myhostname resolution problem

#2 2017-01-08 19:12:18

Re: nss-myhostname resolution problem

#3 2017-01-08 19:37:26

Re: nss-myhostname resolution problem

#4 2017-01-08 19:42:43

Re: nss-myhostname resolution problem

#5 2017-01-08 20:06:32

Re: nss-myhostname resolution problem

#6 2017-01-08 20:25:28

Re: nss-myhostname resolution problem

#7 2017-01-08 20:34:51

Re: nss-myhostname resolution problem

#8 2017-01-08 21:01:00

Re: nss-myhostname resolution problem

#9 2017-01-08 21:13:14

Re: nss-myhostname resolution problem

#10 2017-03-29 23:52:19

Re: nss-myhostname resolution problem

Board footer