author Florian Klink <flokli@flokli.de> 2021-07-01 22:11:27 +0200
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2021-07-23 11:59:26 +0200
commit 21423efc5852194ba3bf2bbc8067258e35c1558d
tree b6ee9737e2262b031a321fd171d3370422ca8b8a
parent f3af6ba86c1128ccf6d6f896f70c22f9645a51c5
man: stop recommending putting myhostname after dns

nss-resolve also looks in /etc/hosts, and has the same local hostname resolving logic as nss-myhostname. We shouldn't recommend another order than nss-resolve uses internally.

When nss-resolve is used, there's no possibility to override nss-myhostname hosts via DNS *anyway*.

On top of that, it's not a good idea to allow DNS to override local hostnames at all - at least not something we should advertise in the docs.

Followup of f918c67d38ba6ccd4eb0dc657f3f3155e5010cae / https://github.com/systemd/systemd/pull/16754.

(cherry picked from commit ce266330fc3bd6767451ac3400336cd9acebe9c1)
-rw-r--r-- man/nss-myhostname.xml 16
1 files changed, 6 insertions, 10 deletions
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index 98eb0ec77e..4a33149a73 100644
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -73,13 +73,12 @@
<para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with
<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
- <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
- and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known
- names like <literal>localhost</literal> and the machine hostname are given higher priority than the
- external configuration. This is recommended when the external DNS servers and network are not absolutely
- trusted. In the second version, external configuration is given higher priority and
- <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely
- controlled networks, for example on a company LAN.</para>
+ <para>It is recommended to place <literal>myhostname</literal> after <literal>file</literal> and before <literal>dns</literal>.
+ This resolves well-known hostnames like <literal>localhost</literal>
+ and the machine hostnames locally. It is consistent with the behaviour
+ of <command>nss-resolve</command>, and still allows overriding via
+ <filename>/etc/hosts</filename>.
+ </para>
</refsect1>
<refsect1>
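Review bot: In the first added line, `<literal>file</literal>` does not match the module name used in the example further down (`hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns`); it should read `<literal>files</literal>`. The removed paragraph also told readers why the order matters (external DNS servers and networks that are not absolutely trusted), and the new text drops that reason, so the rationale now lives only in the commit message; one sentence saying that DNS should not be able to answer for `localhost` or the machine hostname would keep it in the man page. Minor: "the machine hostnames" reads oddly next to the singular "the machine hostname" in the removed text, and the first added line is much longer than the wrapped lines around it.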
@@ -95,10 +94,7 @@ shadow: compat systemd
gshadow: files systemd
-# Either (untrusted network, see above):
hosts: mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
-# Or (only trusted networks):
-hosts: mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
networks: files
protocols: db files
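Review bot: With both comment lines gone, the remaining `hosts:` line gives no hint that placing myhostname before dns is deliberate, and example blocks like this one are often copied without the paragraph above them. Consider keeping a short comment above the line, for example `# myhostname before dns: local names are never answered by DNS`. Since the line starts with `resolve [!UNAVAIL=return]`, the modules after it are only consulted when resolve is unavailable, which is worth a word here too so readers see that the `files myhostname dns` order is the fallback path and mirrors what the commit message says nss-resolve does internally.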