>...
>On Thursday, June 9, 2005, 5:32:23 AM, Ronan McGlue wrote:
>> Niek wrote:
>>> On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote:
>>>
>>>> sry should have added that the DNS order in /etc/resolv.conf is also
>>>> correct...
>>>
>>>
>>> What order ? The nameservers are used randomly...
>> again, my semantics need work... :S
>
>> the DNS *is in* order in /etc/resolv.conf...
>
>
>> any clues as to why SA isn't 'apparently' using the hosts file??
>
>> ronan
>
>Don't use /etc/hosts for anything other than specifying the
>basics of your local machine. /etc/hosts is only used by the
>system during boot time before BIND is up. After that, BIND
>is responsible for name resolution.
>
>Jeff C.
>--
>Jeff Chan
>mailto:[EMAIL PROTECTED]
>http://www.surbl.org/
>
>

For most machines, this is both true and the preferred method of name
lookup. But for OSs with nsswitch.conf, it neither *must* be true, nor
is it always desirable; I have a large number of multi-homed machines
with different firewall rules for different interfaces and not all
daemons "listen" on all interfaces - so for *some* machines, I use a
line like:

	hosts: files dns

inside of nsswitch.conf and specify unique names for the different
interfaces. This allows me to avoid long timeouts if I "ssh" to a
machine which only accepts connections on one interface (i.e. with the
default behavior, I would get the interfaces chosen randomly, and in
some cases wait 30+ seconds for timeouts before the only interface
"listening" which will respond is attempted). I also have other
machines with other daemons also set up "asymmetrically" (i.e. not
"listening" on all interfaces).

Still, in general, your advice is correct, and only for special cases
should the default (AFAIK on every OS with nsswitch.conf) be changed in
the manner I just described.

Just to note: At least on NetBSD, the default is

	hosts: dns, files, nis

which will act exactly like Jeff suggested - and is probably the correct
choice for >90% of all machines/environments. Also, the host file format
cannot on most OSs deal properly with multi-homed hosts anyway (it will
always and only choose the "first" match). Possibly a
[Notfound = return] clause might be properly inserted in the list for
many situations (in particular when using NIS or NIS+).

Also, doing what I have described greatly complicates both the setup
and maintenance of the machines which use a non-standard resolution
ordering rule. By far the simplest and easiest case is when the hosts
file contains localhost and the name(s) of the local interfaces only -
then soon after boot, everything uses BIND (just like Jeff said).

Much more likely is the possibility that the Perl DNS module simply
ignores nsswitch.conf and does calls to the resolver library (or the
corresponding functions on some OSs) rather than call gethostbyname(),
etc. Also remember, some people still use NIS and/or NIS+, so BIND/DNS
is not the correct answer for all environments, but is for most.

Now, I have to go and check the Perl module to see what it does (I do
remember that at one point it would only use the first nameserver entry
in resolv.conf - all written with "roll-your-own" code that didn't
always act like the rest of the system).

Paul Shupak
[EMAIL PROTECTED]
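
Added example, not part of the original message and not code from any of the posters: a small Python model of how a "hosts:" line in nsswitch.conf is walked by gethostbyname()-style lookups, including a [NOTFOUND=return] criterion. The SOURCES tables are constructed sample data, and accepting commas and spaces around "=" (as typed in the message above) is an assumption of this parser. A program that queries the resolver directly never goes through this chain at all, which is the behaviour suspected of the Perl DNS module.

```python
import re

# Constructed stand-ins for /etc/hosts and a DNS zone (sample data only).
SOURCES = {
    "files": {"gw-inside": ["10.0.0.1"]},
    "dns": {"gw": ["192.0.2.1", "10.0.0.1"], "mail": ["192.0.2.25"]},
}
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_hosts_line(line):
    """Parse 'hosts: files [NOTFOUND=return] dns' into [(source, actions)]."""
    key, _, rest = line.partition(":")
    if key.strip() != "hosts":
        raise ValueError("not a hosts: entry")
    chain = []
    # Tokens are either a bracketed criteria group or a source name.
    for tok in re.findall(r"\[[^\]]*\]|[^\s,]+", rest):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("criteria given before any source")
        # Criteria apply to the source immediately before them.
        for crit in re.sub(r"\s*=\s*", "=", tok[1:-1]).split():
            status, _, action = crit.lower().partition("=")
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError("bad criterion: " + crit)
            chain[-1][1][status] = action
    return chain

def resolve(name, chain, sources=SOURCES):
    """Walk the chain; return (addresses, sources consulted in order)."""
    consulted = []
    for source, actions in chain:
        consulted.append(source)
        table = sources.get(source)
        if table is None:
            status = "unavail"      # e.g. nis listed but not configured
        elif name in table:
            status = "success"
        else:
            status = "notfound"
        if actions[status] == "return":
            return (table[name] if status == "success" else []), consulted
    return [], consulted

if __name__ == "__main__":
    for cfg in ("hosts: files dns", "hosts: files [Notfound = return] dns"):
        print(cfg, "->", resolve("mail", parse_hosts_line(cfg)))
```

With "files dns" the per-interface name in the hosts table answers without DNS being consulted; with the NOTFOUND criterion a miss in files ends the lookup and DNS is never asked.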