From: Zbigniew Jędrzejewski-Szmek Date: Wed, 15 Apr 2020 16:05:39 +0000 (+0200) Subject: man: move "files" after "resolve" in the suggested configuration X-Git-Tag: v246-rc1~580^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=44b7aedbde8b30825ee1dbf47346d21007a1a417;p=thirdparty%2Fsystemd.git man: move "files" after "resolve" in the suggested configuration resolved caches files, so we should move nss-files after nss-resolve to speed up local access (and yes, people like to have thousands of lines in /etc/hosts). See https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/LCX6YXLM62QEYJSOLJBWXXVXTZVL73GI/ for the background. --- diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml index 908c91eb7cd..9a1125caae3 100644 --- a/man/nss-myhostname.xml +++ b/man/nss-myhostname.xml @@ -83,7 +83,7 @@ group: compat mymachines systemd shadow: compat -hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname +hosts: mymachines resolve [!UNAVAIL=return] files dns myhostname networks: files protocols: db files diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml index 40b0abee344..71865874dd9 100644 --- a/man/nss-mymachines.xml +++ b/man/nss-mymachines.xml @@ -69,7 +69,7 @@ group: compat mymachines systemd shadow: compat -hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname +hosts: mymachines resolve [!UNAVAIL=return] files dns myhostname networks: files protocols: db files diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml index e4ea4e18982..5c8b7458816 100644 --- a/man/nss-resolve.xml +++ b/man/nss-resolve.xml 
@@ -34,14 +34,15 @@ name resolution service. It replaces the nss-dns plug-in module that traditionally resolves hostnames via DNS. - To activate the NSS module, add resolve to the line starting with - hosts: in /etc/nsswitch.conf. Specifically, it is recommended to place - resolve early in /etc/nsswitch.conf's hosts: line (but - after the files or mymachines entries), right before the - dns entry if it exists, followed by [!UNAVAIL=return], to ensure DNS queries - are always routed via - systemd-resolved8 if it is - running, but are routed to nss-dns if this service is not available. + To activate the NSS module, add resolve [!UNAVAIL=return] to the line starting + with hosts: in /etc/nsswitch.conf. Specifically, it is + recommended to place resolve early in /etc/nsswitch.conf's + hosts: line. It should be before the files entry, since + systemd-resolved supports /etc/hosts internally, but with + caching. To the contrary, it should be after mymachines, to give hostnames given to + local VMs and containers precedence over names received over DNS. Finally, we recommend placing + dns somewhere after resolve, to fall back to + nss-dns if systemd-resolved.service is not available. Note that systemd-resolved will synthesize DNS resource records in a few cases, for example for localhost and the @@ -66,7 +67,7 @@ group: compat mymachines systemd shadow: compat -hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname +hosts: mymachines resolve [!UNAVAIL=return] files dns myhostname networks: files protocols: db files diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml index e343c406f29..a5b3de73e72 100644 --- a/man/nss-systemd.xml +++ b/man/nss-systemd.xml @@ -65,7 +65,7 @@ group: compat [SUCCESS=merge] mymachines [SUCCESS=merge] systemd shadow: compat -hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname +hosts: mymachines resolve [!UNAVAIL=return] files dns myhostname networks: files protocols: db files
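Review bot: In the man/nss-resolve.xml paragraph, the rewritten text describes only dns as a fallback for when systemd-resolved.service is not available, but files now sits behind [!UNAVAIL=return] as well. With "resolve [!UNAVAIL=return] files dns", nss-files is reached only when resolve reports UNAVAIL, so while resolved is running, /etc/hosts lookups are answered by resolved alone. The paragraph should say so explicitly, because administrators who pin or override names in /etc/hosts then depend on resolved's handling of that file rather than on nss-files. Two wording points in the same paragraph: "To the contrary" reads better as "Conversely", and "to give hostnames given to local VMs" repeats the verb; "hostnames assigned to local VMs" avoids that.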
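Review bot: The hunks for man/nss-myhostname.xml, man/nss-mymachines.xml and man/nss-systemd.xml change only the example "hosts:" line, and nothing in them explains why files now follows resolve; the rationale is added in man/nss-resolve.xml only. A reader of those three pages sees /etc/hosts moved behind "resolve [!UNAVAIL=return]" without a stated reason, so a short pointer to nss-resolve(8) next to each example would help. Since the same line is now maintained in four files, it is also worth confirming that the surrounding text on each page does not still describe the old order.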