Fedora 35 hosts: files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns Fedora 36 (Fedora-Workstation-Live-x86_64-Rawhide-20220208.n.0.iso) hosts: files mdns4_minimal resolve [!UNAVAIL=return] myhostname dns authselect-1.3.0-9.fc36.x86_64 It should be the same as Fedora 35. This is probably fallout from the "enforce authselect configuration consistency" change proposal. See this desktop@ thread discussion: https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.org/thread/A33A4IUTX4ZLB26UK6JWUKQBBUAPNGW3/#5TTZFPGVCS7JJTXBZGHH23MRIEFCKIF3
Basically the problem here is: autselect hosts configuration doesn't match what we were previously doing via rpm scriptlets. In case of myhostname, we discovered that we needed to move it and never bothered to update authselect because it didn't matter prior to the "enforce authselect configuration consistency" change. In the case of mdns4_minimal, I'm not sure went wrong, but the [NOTFOUND=return] is required.
I actually saw these differences so I checked with respective people to confirm authselect variant is ok, but apparently I got incorrect information. So, to settle it once and for all (hopefully), we want: - without mdns: files myhostname resolve [!UNAVAIL=return] dns - with mdns files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns Is this correct?
Yes, that is exactly correct. In the future, we will eventually want this: files resolve [!UNAVAIL=return] myhostname mdns4_minimal [NOTFOUND=return] dns But for the time being, systemd-resolved's mDNS support is still broken, so we cannot do that yet.
Do you remember why it is important to have myhostname before mdns? Can one of you please try https://koji.fedoraproject.org/koji/taskinfo?taskID=82632840 PR https://github.com/authselect/authselect/pull/294
(In reply to Pavel Březina from comment #4) > Do you remember why it is important to have myhostname before mdns? Otherwise, your own hostname and also "localhost" are both resolved via mDNS before they are resolved locally, see bug #1943199. > Can one of you please try > https://koji.fedoraproject.org/koji/taskinfo?taskID=82632840 > PR https://github.com/authselect/authselect/pull/294 I'll punt this to Chris. :)
I installed authselect-1.3.0-10.fc36.x86_64 but /etc/nsswitch.conf still has: hosts: files myhostname resolve [!UNAVAIL=return] dns I ran authselect apply-changes and it's unchanged.
I'm not sure what was your original state, myhostname is now before resolve so changes were clearly applied. To enable mdns run authselect enable-feature with-mdns4. nss-mdns4 package installation should also do it for you.
Original state of nsswitch.conf before c6 is: hosts: files resolve [!UNAVAIL=return] myhostname dns nss-mdns-0.15.1-4.fc36.x86_64 is already installed on this system. After I run `sudo authselect enable-feature with-mdns4` nsswitch.conf shows hosts: files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns And now mdns resolution is working, so how do we make sure this is the default out of the box behavior? I don't know about any of the other editions, but Workstation edition and the desktop spins definitely expect mdns to work out of the box, not least of which is it's an IPP Everywhere printing requirement.
nss-mdns calls 'authselect enable-feature with-mdns4' in %posttrans scriptlet: https://src.fedoraproject.org/fork/pbrezina/rpms/nss-mdns/blob/rawhide/f/nss-mdns.spec#_45 So once you install nss-mdns it should do the change automatically.
>So once you install nss-mdns it should do the change automatically. Like I said, it's already installed on the Live ISO media. I guess once authselect-1.3.0-10.fc36 goes stable, the next compose will have it, and the installation of nss-mdns during live compose will create an nsswitch.conf that has mdns4 in the hosts: line, and so too will any subsequent installation of that ISO.
(In reply to Chris Murphy from comment #10) > >So once you install nss-mdns it should do the change automatically. > > Like I said, it's already installed on the Live ISO media. I guess once > authselect-1.3.0-10.fc36 goes stable, the next compose will have it, and the > installation of nss-mdns during live compose will create an nsswitch.conf > that has mdns4 in the hosts: line, and so too will any subsequent > installation of that ISO. If not, please, open bug against nss-mdns and assign it to me. It might be necessary to add Requires: authselect if it gets installed before PAM. Or add authselect by default to the compose as well.
(In reply to Pavel Březina from comment #11) > It might be > necessary to add Requires: authselect if it gets installed before PAM. This seems like the safest approach IMO. Ditto for any other package that is able to configure authselect.
I agree: https://src.fedoraproject.org/rpms/nss-mdns/pull-request/7 https://src.fedoraproject.org/rpms/nss-mdns/pull-request/8
This is still a bug following a clean install of Fedora-Workstation-Live-x86_64-36-20220220.n.0.iso $ ssh chris ssh: Could not resolve hostname fnuc.local: Temporary failure in name resolution $ grep hosts /etc/nsswitch.conf hosts: files myhostname resolve [!UNAVAIL=return] dns $ rpm -q authselect nss nss-mdns authselect-1.3.0-10.fc36.x86_64 nss-3.75.0-1.fc36.x86_64 nss-mdns-0.15.1-4.fc36.x86_64
Proposed as a Blocker for 36-final by Fedora user chrismurphy using the blocker tracking app because: mDNS needs to work for IPP Everywhere printing to discover and setup printers https://fedoraproject.org/wiki/Fedora_35_Final_Release_Criteria#Printing
I opened https://bugzilla.redhat.com/show_bug.cgi?id=2056927 against nss-mdns. imho that should be the blocker and we can close this bz.