[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: correct definition of localhost?

On Sun, Jul 06, 2008 at 05:14:44PM -0700, Steve Langasek wrote:
> On Mon, Jul 07, 2008 at 01:39:37AM +0200, Kurt Roeckx wrote:
> > You don't seem to request ipv4 addresses, you request AF_UNSPEC, which
> > should get you both ipv4 and ipv6.  You get twice, and ::1 one
> > time.
> You'll find that the duplication of is still there if you specify
> AF_INET instead, because the problematic duplication happens when requesting
> records for the ipv4 address family.  I left it as AF_UNSPEC in the test
> case to show that the problem exists when using protocol-agnostic best
> practices, which is what slapd does.

I was just confused when reading it, and understood it as only
requesting AF_INET.  That was just to make it clear.

> >> - the ::1 address should *not* be special-cased by nss_files.  I really
> >>   can't perceive any reason why it should be special-cased in the first
> >>   place; i.e., why should the files backend behave differently than the DNS
> >>   backend, and why would we want names that were specifically assigned to
> >>   ::1, including names like "ip6-loopback", to be automatically mapped to
> >>
> > I can't find any good reason why it should be changing ::1 to
> > So I think that atleast glibc should stop doing that.  In any case, it
> > shouldn't return twice when it's not configured to return
> > it twice.
> What do you mean by "configured to return it twice"?  Would that mean
> duplicate lines in /etc/hosts (i.e., misconfiguration)?


> >> - we should only set up a single 'localhost' entry in /etc/hosts, pointing
> >>   at ::1, and let nss_files handle the mapping to automatically.
> > - You could also argue that openldap should get fixed to deal with cases
> >   where it tries to bind to the same ip/port twice.  On the other hand,
> >   I don't think it a normal case, and I think it's unlikely that people
> >   would set up dns to have 2 times the same IP address and then try
> >   to bind to that hostname.
> Well, as I said before,
> >> I don't think it's the responsibility of callers such as slapd to check that
> >> getaddrinfo() hasn't returned duplicate entries [...]
> so if you have an argument of why extra complexity should be added to the
> caller to deal with duplicate records which, one way or another, should not
> exist (IMHO), I'm interested to hear it.

The only case I can come up with would be misconfiguration, which I
don't think is a good reason.


Reply to: