Re: correct definition of localhost?
On Sun, Jul 06, 2008 at 05:14:44PM -0700, Steve Langasek wrote:
> On Mon, Jul 07, 2008 at 01:39:37AM +0200, Kurt Roeckx wrote:
> > You don't seem to request ipv4 addresses, you request AF_UNSPEC, which
> > should get you both ipv4 and ipv6. You get 127.0.0.1 twice, and ::1 one
> > time.
> You'll find that the duplication of 127.0.0.1 is still there if you specify
> AF_INET instead, because the problematic duplication happens when requesting
> records for the ipv4 address family. I left it as AF_UNSPEC in the test
> case to show that the problem exists when using protocol-agnostic best
> practices, which is what slapd does.
I was just confused when reading it, and understood it as only
requesting AF_INET. That was just to make it clear.
> >> - the ::1 address should *not* be special-cased by nss_files. I really
> >> can't perceive any reason why it should be special-cased in the first
> >> place; i.e., why should the files backend behave differently than the DNS
> >> backend, and why would we want names that were specifically assigned to
> >> ::1, including names like "ip6-loopback", to be automatically mapped to
> >> 127.0.0.1?
> > I can't find any good reason why it should be changing ::1 to 127.0.0.1.
> > So I think that at least glibc should stop doing that. In any case, it
> > shouldn't return 127.0.0.1 twice when it's not configured to return
> > it twice.
> What do you mean by "configured to return it twice"? Would that mean
> duplicate lines in /etc/hosts (i.e., misconfiguration)?
> >> - we should only set up a single 'localhost' entry in /etc/hosts, pointing
> >> at ::1, and let nss_files handle the mapping to 127.0.0.1 automatically.
> > - You could also argue that openldap should get fixed to deal with cases
> > where it tries to bind to the same ip/port twice. On the other hand,
> > I don't think it a normal case, and I think it's unlikely that people
> > would set up dns to have 2 times the same IP address and then try
> > to bind to that hostname.
> Well, as I said before,
> >> I don't think it's the responsibility of callers such as slapd to check that
> >> getaddrinfo() hasn't returned duplicate entries [...]
> so if you have an argument of why extra complexity should be added to the
> caller to deal with duplicate records which, one way or another, should not
> exist (IMHO), I'm interested to hear it.
The only case I can come up with would be misconfiguration, which I
don't think is a good reason.