On Mon 25 Oct 2021 at 14:11:34 (+0200), William Edwards wrote:
> This is the line for hosts in my nsswitch.conf:
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
>
> Both 'files' and 'mdns4_minimal' return NOTFOUND for a lookup:
>
> root@http-lyr01:~# getent -s hosts:files hosts williamedwards.nl
> root@http-lyr01:~# echo $?
> 2
> root@http-lyr01:~# getent -s hosts:mdns4_minimal hosts williamedwards.nl
> root@http-lyr01:~# echo $?
> 2
>
> Quoting the 'exit status' section in getent(1):
>
> 2 One or more supplied key could not be found in the database.
>
> However, the 'dns' database (which comes *after* the return statement)
> is also used, as my lookup succeeds with the result that the 'dns'
> database returns.
>
> Could anyone explain why that is? I would expect the lookup to fail
> because of the 'NOTFOUND=return'.

I've not found it easy to answer this question from any documentation normally installed, though the answer might be implied by what's there.

AIUI from what I've read, mdns4_minimal only considers resolving .local and 169.254.x.x addresses, and is designed to prevent such address queries being sent to the Internet nameservers. Any other addresses, like those you used, bypass mdns4_minimal [NOTFOUND=return] entirely.

You can demonstrate this to yourself by typing:

18:21:14 ~ $ :
18:21:29 ~ $ getent -s hosts:mdns4_minimal hosts foo
2 18:21:31 ~ $ :
18:21:33 ~ $ getent -s hosts:mdns4_minimal hosts foo.local
2 18:21:41 ~ $

where you can see the non-lookup of an unknown host takes no time at all, whereas adding .local causes a five second timeout before the real lookup fails. (My prompt includes the return code.)

Cheers,
David.
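
An added example, not part of either message: a small model of how the hosts line quoted above is walked under the default actions documented in nsswitch.conf(5). It assumes mdns4_minimal answers UNAVAIL rather than NOTFOUND for names outside .local, which getent's exit status 2 does not distinguish; the function names and per-service statuses are constructed for illustration.

```python
import re

# Default actions from nsswitch.conf(5): only SUCCESS ends the lookup.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Parse 'hosts: svc [STATUS=action] ...' into [(service, actions)]."""
    _, _, spec = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        for item in token[1:-1].split():
            negate = item.startswith("!")       # [!STATUS=action] form
            status, _, action = item.lstrip("!").partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError(f"unsupported action item: {item}")
            for s in DEFAULTS:
                if (s != status) == negate:
                    chain[-1][1][s] = action    # applies to preceding service
    return chain

def resolve(chain, statuses):
    """Walk the chain; return (services consulted, final status)."""
    consulted, status = [], "UNAVAIL"
    for service, actions in chain:
        status = statuses[service]
        consulted.append(service)
        if actions[status] == "return":
            break
    return consulted, status

CHAIN = parse_hosts_line("hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4")

def non_local_lookup():
    # Constructed: name outside .local, mdns4_minimal declines (assumed UNAVAIL).
    return resolve(CHAIN, {"files": "NOTFOUND", "mdns4_minimal": "UNAVAIL",
                           "dns": "SUCCESS", "mdns4": "NOTFOUND"})

def local_lookup():
    # Constructed: unknown foo.local, mdns4_minimal really answers NOTFOUND.
    return resolve(CHAIN, {"files": "NOTFOUND", "mdns4_minimal": "NOTFOUND",
                           "dns": "SUCCESS", "mdns4": "NOTFOUND"})

if __name__ == "__main__":
    print(non_local_lookup())
    print(local_lookup())
```
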