<refnamediv>
<refname>nss-myhostname</refname>
<refname>libnss_myhostname.so.2</refname>
- <refpurpose>Provide hostname resolution for the locally
- configured system hostname.</refpurpose>
+ <refpurpose>Hostname resolution for the locally configured system hostname</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with
<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
- <para>It is recommended to place <literal>myhostname</literal> last in the <filename>nsswitch.conf</filename>'
- <literal>hosts:</literal> line to make sure that this mapping is only used as fallback, and that any DNS or
- <filename>/etc/hosts</filename> based mapping takes precedence.</para>
+ <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
+ and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the
+ first version, well-known names like <literal>localhost</literal> and the machine hostname are given
+ higher priority than the external configuration. This is recommended when the external DNS servers and
+ network are not absolutely trusted. In the second version, external configuration is given higher
+ priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable
+ in closely controlled networks, for example on a company LAN.</para>
</refsect1>
<refsect1>
<command>nss-myhostname</command> correctly:</para>
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-<programlisting>passwd: compat mymachines systemd
-group: compat mymachines systemd
+<programlisting>passwd: compat systemd
+group: compat systemd
shadow: compat
-hosts: files mymachines resolve [!UNAVAIL=return] dns <command>myhostname</command>
+# Either (untrusted network):
+hosts: mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns
+# Or (only trusted networks):
+hosts: mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
networks: files
protocols: db files