Bug 2113979

Summary: With the current versions mdns fails to be added to nsswitch.conf on installation of nss-mdns
Product: [Fedora] Fedora EPEL
Component: nss-mdns
Version: epel9
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Reporter: Roger Sewell <roger.sewell>
Assignee: Lubomir Rintel <lkundrak>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: adam, lkundrak, mzeuom, tdawson
Fixed In Version: nss-mdns-0.15.1-3.1.el9
Last Closed: 2022-10-02 00:40:31 UTC
Type: Bug

Description Roger Sewell 2022-08-02 13:20:40 UTC
Description of problem: Since upgrading to 9.0, installation of nss-mdns does not result in mdns or mdns4 being added to the hosts: line of user-nsswitch.conf and nsswitch.conf in /etc/authselect.

Version-Release number of selected component (if applicable):


How reproducible: Always.

Steps to Reproduce:

1. Check that nss-mdns is not installed (and if it is, then erase it).

2. Check that /etc/authselect/user-nsswitch.conf and /etc/authselect/nsswitch.conf do not contain mdns on the hosts: line (and if they do then remove them from user-nsswitch.conf and run authselect apply-changes).

3. Install nss-mdns

Actual results:

Observe that /etc/authselect/user-nsswitch.conf and nsswitch.conf still don't have mdns or the like on the hosts: line.

Expected results:

Find mdns, mdns4, or mdns4-minimal on the hosts: line of these files.

Additional info:

The problem appears to be that the scripts for installing nss-mdns call

authselect enable-feature with-mdns

and dump the output of this command to /dev/null. But if you run this command on its own with the above package versions, authselect tells you that there is no such feature to enable; so a different means of achieving this setting is needed.

If you manually add mdns or mdns4 to the hosts: line of user-nsswitch.conf and run authselect apply-changes then mdns works properly; if you just install nss-mdns with the above versions then mdns fails to resolve local printers (and probably a lot else also).

I'm filing this bug under nss-mdns because authselect already claimed there was no such feature in 8.6. But obviously you may feel that the problem lies with authselect for not recognising this feature - if so I'd be grateful if you'd file the bug with them instead.

Comment 1 Troy Dawson 2022-09-23 14:48:14 UTC
The problem is in the files /usr/share/authselect/default/{minimal,sssd,winbind}/nsswitch.conf provided by authselect-libs.

If you look at the RHEL9 authselect version (1.2.3 / 1.2.5) you will not see any mdns settings.
If you look at the later Fedora authselect versions (1.3.0 + ) you will see that they have mdns settings.  Although there was a bug in them until 1.3.0-10.

I believe this is an authselect bug.

Comment 2 Troy Dawson 2022-09-23 14:52:47 UTC
This got me thinking, what did we do before mdns was available? And there they are, the scripts from epel8, and older fedora nss-mdns.

I'll try putting those scripts on the epel9 version of nss-mdns and see what happens.

Comment 3 Fedora Update System 2022-09-23 15:44:05 UTC
FEDORA-EPEL-2022-a0b4a13ff9 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a0b4a13ff9

Comment 4 Fedora Update System 2022-09-24 03:19:28 UTC
FEDORA-EPEL-2022-a0b4a13ff9 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a0b4a13ff9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Roger Sewell 2022-09-24 11:47:32 UTC
Troy, Pavel,

First, to confirm that your mod to the .spec file of this package has fixed the problem for me - thank you.

Second, as I'm sure you know, instead of adding mdns4 to the hosts: line of nsswitch.conf, this adds

mdns4-minimal [NOTFOUND=return]

after files and before dns myhostname.

I am having trouble understanding what [NOTFOUND=return] does. From reading the man pages it would appear that if the name being looked up isn't found by mdns4-minimal it should abandon looking for that name. But instead it appears to go on and look in subsequent entries. Can you please fix my misunderstanding?

Specific example: a hostname that has been blocked from DNS by my ISP is provided in /etc/hosts ; if I change the relevant line from

hosts: files mdns4-minimal [NOTFOUND=return] dns myhostname

to

hosts: mdns4-minimal [NOTFOUND=return] files dns myhostname

in user-nsswitch.conf and run authselect apply-changes, and ping the hostname only known in /etc/hosts, it still finds it, even though I would expect mdns4-minimal to have returned NOTFOUND; but if I remove files from the list altogether, it doesn't find it, so mdns4-minimal is indeed not finding it.

Clarification of my misunderstanding would be very welcome - thank you!

Comment 6 Roger Sewell 2022-09-24 12:58:40 UTC
Answering my own question:

mdns4-minimal only handles requests for names ending in .local; for all others it returns UNAVAIL, not NOTFOUND. So the effect of using mdns4-minimal rather than mdns4 is that it doesn't waste time looking for names on the wider network if the name ends in .local; moreover the further effect of [NOTFOUND=return] is that if the name does end in .local, it isn't offered to dns or myhostname.

Thank you - this bug is sorted as far as I'm concerned.
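
The lookup behaviour worked out in Comments 5 and 6, as an added example that is not part of the original bug thread or of nss-mdns or glibc: a simplified Python model of how a hosts: line is walked, with the status/action defaults taken from nsswitch.conf(5). The host names, the SERVICES table and the function names are constructed for illustration; negated (!STATUS) and merge actions are not modelled.

```python
# Added illustration: simplified model of how glibc walks a "hosts:" line.
# Default actions per nsswitch.conf(5): SUCCESS returns, everything else continues.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Parse 'hosts: svc [STATUS=action] svc ...' into [(svc, actions), ...]."""
    key, _, rest = line.partition(":")
    if key.strip() != "hosts":
        raise ValueError("not a hosts: line")
    chain, in_brackets = [], False
    for tok in rest.replace("[", " [ ").replace("]", " ] ").split():
        if tok in ("[", "]"):
            in_brackets = tok == "["
        elif in_brackets:
            status, _, action = tok.partition("=")
            chain[-1][1][status.upper()] = action.lower()  # binds to preceding service
        else:
            chain.append((tok, dict(DEFAULT_ACTIONS)))
    return chain

ETC_HOSTS = {"blocked.example"}    # constructed: name present only in /etc/hosts
MDNS_NAMES = {"printer.local"}     # constructed: name answered over mDNS
DNS_NAMES = {"www.example.org"}    # constructed: name answered by DNS

SERVICES = {
    "files": lambda n: "SUCCESS" if n in ETC_HOSTS else "NOTFOUND",
    # Per Comment 6: names outside .local get UNAVAIL, not NOTFOUND.
    "mdns4-minimal": lambda n: ("UNAVAIL" if not n.endswith(".local")
                                else "SUCCESS" if n in MDNS_NAMES else "NOTFOUND"),
    "dns": lambda n: "SUCCESS" if n in DNS_NAMES else "NOTFOUND",
    "myhostname": lambda n: "NOTFOUND",  # simplification: own hostname not modelled
}

def resolve(line, name, services=SERVICES):
    """Return (answering service or None, [(service, status), ...] consulted)."""
    trace = []
    for svc, actions in parse_hosts_line(line):
        status = services.get(svc, lambda n: "UNAVAIL")(name)  # unknown module: UNAVAIL
        trace.append((svc, status))
        if actions[status] == "return":
            return (svc if status == "SUCCESS" else None), trace
    return None, trace

if __name__ == "__main__":
    for line in ("hosts: files dns myhostname",
                 "hosts: files mdns4-minimal [NOTFOUND=return] dns myhostname",
                 "hosts: mdns4-minimal [NOTFOUND=return] files dns myhostname"):
        for name in ("blocked.example", "printer.local", "ghost.local"):
            print(line, "|", name, "->", resolve(line, name))
```

The trace for a missing .local name stops at mdns4-minimal, so the query is never handed to dns, while the first line (the state this bug left systems in) never consults mDNS at all.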

Comment 7 Troy Dawson 2022-09-26 13:38:21 UTC
Thank you for the confirmation, as well as answering your own question.
I always appreciate it when people do that.

Comment 8 Fedora Update System 2022-10-02 00:40:31 UTC
FEDORA-EPEL-2022-a0b4a13ff9 has been pushed to the Fedora EPEL 9 stable repository.
If the problem still persists, please make note of it in this bug report.