2103903 – Build Authselect with '--with-mdns4' and '--with-mdns6' for IPv6 only network

Bug 2103903 - Build Authselect with '--with-mdns4' and '--with-mdns6' for IPv6 only network

Summary: Build Authselect with '--with-mdns4' and '--with-mdns6' for IPv6 only network

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nss-mdns
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	---
Assignee:	Petr Menšík
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-07-05 08:43 UTC by David Timber
Modified:	2024-11-02 15:55 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	lathiat nss-mdns issues 83	0	None	open	Parallel queries for IPv4 and IPv6 should be done by mdns_minimal	2023-04-14 11:36:00 UTC

Description David Timber 2022-07-05 08:43:55 UTC

Description of problem:

/etc/nsswitch.conf contains following line:

```
hosts: ... mdns4_minimal ...
```

limiting GLibc to using A queries only. Applications linking GLibc as their CRT are not able to query any .local records on the network is IPv6 only or the hosts with IPv6 addresses only. 

The nsswitch.conf that comes with Fedora 36 only enables 'mdns4_minimal'. Using 'mdns_minimal' instead solves this issue. The config can be built by passing both '--with-mdns4' and '--with-mdns6' to the configure script.

See following code for detail:

https://github.com/authselect/authselect/blob/9af5f24db0ad50349fe823c8fe5ab83445251491/profiles/sssd/nsswitch.conf


Version-Release number of selected component (if applicable):

- authselect-libs-1.4.0-1.fc36
- avahi-0.8-15.fc36

Comment 1 Pavel Březina 2022-07-08 11:29:23 UTC

Moving to nss-mdns.

As you already said, authselect support with-mdns4 and with-mdns6 which enables required modules. If both option are provided then mdns_minimal is used. However, this is automatically configured from nss_mdns as %postin scriptlet when the package is installed so if you want to change the default, it needs to be changed there. (Authselect default is without mdns support as the module does not have to be always installed).

Comment 2 Petr Menšík 2023-04-14 11:36:00 UTC

The problem with this is indeed in nss-mdns. I have filled upstream issue [1] for it. If both queries to IPv4 and IPv6 should be enabled, it takes quite long when the requested name does not respond. Or it does respond on only one of families. Which I believe is still common.

I think we should enable mdns_minimal instead, but first we should fix nss-mdns to send just single search to avahi-daemon. And avahi-daemon should be able to do search in parallel way and without significant timeout if only one address family is supported by the host. Unfortunately no such functionality is offered by avahi package at the moment.

Resetting to rawhide, because the problem is still present on latest Fedora.

[1] https://github.com/lathiat/nss-mdns/issues/83

Comment 3 Petr Menšík 2023-04-14 11:39:35 UTC

Alternatives could be at least per-connection configuration done in Network Manager. But that again needs feature not offered yet by avahi-daemon. It has no reconfiguration of interfaces used via DBus, so cannot be changed per-connection.

Note You need to log in before you can comment on or make changes to this bug.