Bug 2113979 - With the current versions mdns fails to be added to nsswitch.conf on installation of nss-mdns
Summary: With the current versions mdns fails to be added to nsswitch.conf on installa...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nss-mdns
Version: epel9
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-08-02 13:20 UTC by Roger Sewell
Modified: 2022-10-02 00:40 UTC (History)
4 users (show)

Fixed In Version: nss-mdns-0.15.1-3.1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-10-02 00:40:31 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Roger Sewell 2022-08-02 13:20:40 UTC
Description of problem: Since upgrading to 9.0, installation of nss-mdns does not result in mdns or mdns4 being added to the hosts: line of user-nsswitch.conf and nsswitch.conf in /etc/authselect .


Version-Release number of selected component (if applicable):

nss-mdns-0.15.1-3.el9.x86_64.rpm
authselect-1.2.3-7.el9.x86_64

How reproducible: Always.

Steps to Reproduce:

1. Check that nss-mdns is not installed (and if it is, then erase it).

2. Check that /etc/authselect/user-nsswitch.conf and /etc/authselect/nsswitch.conf do not contains mdns on the hosts: line (and if they do then remove them from user-nsswitch.conf and run authselect apply-changes).

3. Install nss-mdns

Actual results:

Observe that /etc/authselect/user-nsswitch.conf and nsswitch.conf still don't have mdns or the like on the hosts: line.

Expected results:

Find mdns, mdns4, or mdns4-minimal on the hosts: line of these files.

Additional info:

The problem appears to be that the scripts for installing nss-mdns call

authselect enable-feature with-mdns

and dump the output of this command to /dev/null. But if you run this command on its own with the above package versions, authselect tells you that there is no such feature to enable; so a different means of achieving this setting is needed.

If you manually add mdns or mdns4 to the hosts: line of user-nsswitch.conf and run authselect apply-changes then mdns works properly; if you just install nss-mdns with the above versions then mdns fails to resolve local printers (and probably a lot else also).

I'm filing this bug under nss-mdns because authselect already claimed there was no such feature in 8.6 . But obviously you may feel that the problem lies with authselect for not recognising this feature - if so I'd be grateful if you'd file the bug with them instead.

Comment 1 Troy Dawson 2022-09-23 14:48:14 UTC
The problem is in the files /usr/share/authselect/default/{minimal,sssd,winbind}/nsswitch.conf provided by authselect-libs.

If you look at the RHEL9 authselect version (1.2.3 / 1.2.5) you will not see any mdns settings.
If you look at the later Fedora authselect versions (1.3.0 + ) you will see that they have mdns settings.  Although there was a bug in them until 1.3.0-10.

I believe this is a authselect bug.

Comment 2 Troy Dawson 2022-09-23 14:52:47 UTC
This got me thinking, what did we do before mdns was available.  And there they are, the scripts from epel8, and older fedora nss-mdns.

I'll try putting those scripts on the epel9 version of nss-mdns and see what happens.

Comment 3 Fedora Update System 2022-09-23 15:44:05 UTC
FEDORA-EPEL-2022-a0b4a13ff9 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a0b4a13ff9

Comment 4 Fedora Update System 2022-09-24 03:19:28 UTC
FEDORA-EPEL-2022-a0b4a13ff9 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a0b4a13ff9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Roger Sewell 2022-09-24 11:47:32 UTC
Troy, Pavel,

First, to confirm that your mod to the .spec file of this package has fixed the problem for me - thank you.

Second, as I'm sure you know, instead of adding mdns4 to the hosts: line of nsswitch.conf, this adds

mdns4-minimal [NOTFOUND=return]

after files and before dns myhostname.

I am having trouble understanding what [NOTFOUND=return] does. From reading the man pages it would appear that if the name being looked up isn't found by mdns4-minimal it should abandon looking for that name. But instead it appears to go on and look in subsequent entries. Can you please fix my misunderstanding ?

Specific example: a hostname that has been blocked from DNS by my ISP is provided in /etc/hosts ; if I change the relevant line from

hosts: files mdns4-minimal [NOTFOUND=return] dns myhostname

to 

hosts: mdns4-minimal [NOTFOUND=return] files dns myhostname

in user-nsswitch.conf and run authselect apply-changes, and ping the hostname only known in /etc/hosts, it still finds it, even though I would expect mdns4-minimal to have returned NOTFOUND; but if I remove files from the list altogether, it doesn't find it, so mdns4-minimal is indeed not finding it.

Clarification of my misunderstanding would be very welcome - thank you !
Roger.

Comment 6 Roger Sewell 2022-09-24 12:58:40 UTC
Answering my own question:

mdns4-minimal only handles requests for names ending in .local; for all others it returns UNAVAIL, not NOTFOUND. So the effect of using mdns4-minimal rather than mdns4 is that it doesn't waste time looking for names on the wider network if the name ends in .local; moreover the further effect of [NOTFOUND=return] is that if the name does end in .local, it isn't offered to dns or myhostname .

Thank you - this bug is sorted as far as I'm concerned.

Comment 7 Troy Dawson 2022-09-26 13:38:21 UTC
Thank you for the confirmation, as well as answering your own question.
I always appreciate it when people do that.

Comment 8 Fedora Update System 2022-10-02 00:40:31 UTC
FEDORA-EPEL-2022-a0b4a13ff9 has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.