On Fri 02 Aug 2024 at 09:40:44 (+1000), George at Clug wrote:
> On Friday, 02-08-2024 at 00:48 David Wright wrote:
> > On Thu 01 Aug 2024 at 10:32:27 (-0400), Greg Wooledge wrote:
> > > On Thu, Aug 01, 2024 at 14:30:05 +0000, fxkl4...@protonmail.com wrote:
> > > > my nsswitch.conf is "hosts: files mdns4_minimal [NOTFOUND=return] dns"
> > > > i don't remember changing it in the past few decades
> > > > i recently had a situation that made me question the ordering
> > > > my dns server is my primary router
> > > > should dns be first
> > >
> > > It would be *extremely* unusual to want to consult DNS before /etc/hosts.
> > > I recommend leaving files first unless you have a *really* good reason
> > > to switch them.
> > >
> > > I have no comment on mdns4_minimal because I don't really know what that
> > > is.
> >
> > AIUI mdns4_minimal is for devices that configure themselves using
> > multicast DNS on .local. If you put dns first, then the names of any
> > .local devices will be leaked out of your LAN and on to the Internet's
> > DNS servers. [NOTFOUND=return] is what prevents that happening IF you
> > leave the order alone.

Can I tighten that up: names that resolve shouldn't leak; it's names
that don't resolve, which would be passed onwards for DNS to resolve,
that would leak.

> > (BTW don't use .local for your LAN domain name.)
>
> Why is that? (recently I was starting to believe I should stop using the
> domain names I had chosen, and start using (what I thought was) the standard
> of .local)

https://www.ietf.org/rfc/rfc6762.txt explains what .local is for.

> Is it your personal preference, or a technical necessity?
>
> What is best practice for a local LAN prefix? (I have never found conclusive
> instruction).

I've been in the habit of using .corp after reading:

https://www.icann.org/resources/board-material/resolutions-2018-02-04-en#2.c

but I don't think that decision is set in stone, and certainly
RFC 8375 now recommends .home.arpa for residences, so that's
a better bet.

> It is my belief that .local is a MS idea originating from the configuration
> of their servers. Is this correct?

Most of what I've read has credited Apple with this, not Microsoft.

Cheers,
David.
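
The lookup order discussed in this thread, as an added example that is not part of any poster's message: a small Python model of how glibc walks a hosts: line and applies [NOTFOUND=return], listing which services get asked for a name. The KNOWN table and host names are constructed, and the model assumes mdns4_minimal answers NOTFOUND for unresolved .local names and UNAVAIL for every other name.

```python
import re

# glibc defaults: only SUCCESS stops the lookup, every other status continues.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts(line):
    """Turn an nsswitch.conf 'hosts:' line into [(service, actions), ...].
    Negated criteria such as [!UNAVAIL=return] are not handled here."""
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
        if tok.startswith("["):
            # An action block modifies the service named just before it.
            for item in tok[1:-1].split():
                st, action = item.split("=")
                chain[-1][1][st.upper()] = action.lower()
        else:
            chain.append((tok, dict(DEFAULTS)))
    return chain

def answer(service, name, known):
    """Constructed model of the status a service returns for `name`."""
    if service.startswith("mdns") and service.endswith("_minimal"):
        if not name.rstrip(".").lower().endswith(".local"):
            return "UNAVAIL"  # assumption: module declines non-.local names
    return "SUCCESS" if name in known.get(service, ()) else "NOTFOUND"

def consulted(line, name, known):
    """Services asked, in order, until an action says 'return'."""
    asked = []
    for service, actions in parse_hosts(line):
        asked.append(service)
        if actions[answer(service, name, known)] == "return":
            break
    return asked

# Constructed sample data: one /etc/hosts entry, one mDNS device on the LAN.
KNOWN = {"files": {"localhost"}, "mdns4_minimal": {"printer.local"}}
PAGE = "hosts: files mdns4_minimal [NOTFOUND=return] dns"

if __name__ == "__main__":
    for line in (PAGE, "hosts: files mdns4_minimal dns",
                 "hosts: files dns mdns4_minimal [NOTFOUND=return]"):
        print(line)
        for name in ("printer.local", "typo.local", "www.example.org"):
            print(f"  {name:16} -> {consulted(line, name, KNOWN)}")
```

Any row whose list includes dns is a name that would be sent to the configured DNS server under that ordering.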