]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - man/nss-myhostname.xml
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #16585 from yuwata/network-dhcp6-fixes
[thirdparty/systemd.git] / man / nss-myhostname.xml
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index 908c91eb7cdb00e362b436f0944ec4db9c35a9f1..a41c383bb33ba2de455f84cfe4fb48500e90d5ad 100644 (file)
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -18,8 +18,7 @@
   <refnamediv>
     <refname>nss-myhostname</refname>
     <refname>libnss_myhostname.so.2</refname>
-    <refpurpose>Provide hostname resolution for the locally
-    configured system hostname.</refpurpose>
+    <refpurpose>Hostname resolution for the locally configured system hostname</refpurpose>
   </refnamediv>
 
   <refsynopsisdiv>
@@ -67,9 +66,13 @@
     <para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>myhostname</literal> last in the <filename>nsswitch.conf</filename>'
-    <literal>hosts:</literal> line to make sure that this mapping is only used as fallback, and that any DNS or
-    <filename>/etc/hosts</filename> based mapping takes precedence.</para>
+    <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
+    and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the
+    first version, well-known names like <literal>localhost</literal> and the machine hostname are given
+    higher priority than the external configuration. This is recommended when the external DNS servers and
+    network are not absolutely trusted. In the second version, external configuration is given higher
+    priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable
+    in closely controlled networks, for example on a company LAN.</para>
   </refsect1>
 
   <refsect1>
@@ -79,11 +82,14 @@
     <command>nss-myhostname</command> correctly:</para>
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-<programlisting>passwd:         compat mymachines systemd
-group:          compat mymachines systemd
+<programlisting>passwd:         compat systemd
+group:          compat systemd
 shadow:         compat
 
-hosts:          files mymachines resolve [!UNAVAIL=return] dns <command>myhostname</command>
+# Either (untrusted network):
+hosts:          mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns
+# Or (only trusted networks):
+hosts:          mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
 networks:       files
 
 protocols:      db files
Unnamed repository; edit this file 'description' to name the repository.