[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: correct definition of localhost?



On Mon, Jul 07, 2008 at 01:39:37AM +0200, Kurt Roeckx wrote:

> You don't seem to request ipv4 addresses, you request AF_UNSPEC, which
> should get you both ipv4 and ipv6.  You get 127.0.0.1 twice, and ::1 one
> time.

You'll find that the duplication of 127.0.0.1 is still there if you specify
AF_INET instead, because the problematic duplication happens when requesting
records for the ipv4 address family.  I left it as AF_UNSPEC in the test
case to show that the problem exists when using protocol-agnostic best
practices, which is what slapd does.

>> - the ::1 address should *not* be special-cased by nss_files.  I really
>>   can't perceive any reason why it should be special-cased in the first
>>   place; i.e., why should the files backend behave differently than the DNS
>>   backend, and why would we want names that were specifically assigned to
>>   ::1, including names like "ip6-loopback", to be automatically mapped to
>>   127.0.0.1?

> I can't find any good reason why it should be changing ::1 to 127.0.0.1.
> So I think that atleast glibc should stop doing that.  In any case, it
> shouldn't return 127.0.0.1 twice when it's not configured to return
> it twice.

What do you mean by "configured to return it twice"?  Would that mean
duplicate lines in /etc/hosts (i.e., misconfiguration)?

>> - we should only set up a single 'localhost' entry in /etc/hosts, pointing
>>   at ::1, and let nss_files handle the mapping to 127.0.0.1 automatically.

> - You could also argue that openldap should get fixed to deal with cases
>   where it tries to bind to the same ip/port twice.  On the other hand,
>   I don't think it a normal case, and I think it's unlikely that people
>   would set up dns to have 2 times the same IP address and then try
>   to bind to that hostname.

Well, as I said before,

>> I don't think it's the responsibility of callers such as slapd to check that
>> getaddrinfo() hasn't returned duplicate entries [...]

so if you have an argument of why extra complexity should be added to the
caller to deal with duplicate records which, one way or another, should not
exist (IMHO), I'm interested to hear it.

As for DNS, at least in the case of bind I find that duplicate records are
weeded out by the server.  If you can suggest a DNS server that would not
condense the duplicate records, I'd be happy to test to see what the
behavior of nss_dns is.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org


Reply to: