| 1 |
On 3/12/21 12:04 PM, Michael wrote: |
| 2 |
> Right. That's the nub of it. Samba, with AD-DC and Kerberos |
| 3 |
> configuration deserves special attention and the apps devs advise |
| 4 |
> accordingly. |
| 5 |
|
| 6 |
I see it differently. |
| 7 |
|
| 8 |
There's the sloppy / slipshod way that doesn't negatively effect /most/ |
| 9 |
things. Then there's the better / proper way that doesn't negatively |
| 10 |
effect anything. |
| 11 |
|
| 12 |
I see no reason to ever do it the sloppy / slipshod way when it's simple |
| 13 |
to do it the better / proper way. |
| 14 |
|
| 15 |
> Yes, I recall apache would fail if you tried to contact |
| 16 |
> http://localhost or its FQDN from the server itself, with something |
| 17 |
> like "... host name not valid for this server", but it would serve |
| 18 |
> the default "It works!" webpage when the server's FQDN was called |
| 19 |
> from clients. Anyway, all this is O/T from the main question. |
| 20 |
|
| 21 |
It is on topic as supporting evidence to why the main topic, having the |
| 22 |
hostname on the 127.0.0.1 / ::1 IP in the /etc/hosts file, is a bad idea. |
| 23 |
|
| 24 |
> It doesn't, obviously the two files are fulfilling different purposes. |
| 25 |
> You could however specify in the DC's host file any additional DNS |
| 26 |
> servers in the AD DNS zone with their static IP addresses. I tend |
| 27 |
> to do this and also check the hosts file in the first instance when I |
| 28 |
> forget what other machines play some (important) role on the current |
| 29 |
> host's functions. This is by no means a rule or even a recommendation |
| 30 |
> for others to do the same. ;-) |
| 31 |
|
| 32 |
Ah. So you're (ab)using the /etc/hosts file as a form of documentation |
| 33 |
to make life for future you easier. Fair enough. But call the spade |
| 34 |
the spade that it is. State that you're putting the information there |
| 35 |
for documentation purposes, not because it's needed for some other reason. |
| 36 |
|
| 37 |
> I wouldn't call it majorly "wrong" on a standalone desktop use case, in |
| 38 |
> the sense that it shouldn't break things - I think. |
| 39 |
|
| 40 |
I would call a configuration that works in all cases to be superior to a |
| 41 |
configuration that only works in some cases and fails in other cases. |
| 42 |
As such I'm describing the inferior configuration as "wrong". |
| 43 |
|
| 44 |
> Address 127.0.0.1 is for internal consumption, it won't be seen by the |
| 45 |
> external network and the host can refer to itself as its user desires. |
| 46 |
|
| 47 |
External hosts will see the 127.0.0.1 / ::1 address when things, like |
| 48 |
Kerberos, use gethostbyname() and put the returned value into traffic |
| 49 |
that leaves the system. |
| 50 |
|
| 51 |
Aside: localhost / 127.0.0.1 / ::1 is /not/ unique to any system. |
| 52 |
Conversely a hosts name /is/ unique to /only/ the system. Thus anything |
| 53 |
that wants the local host's unique name should never use / see localhost |
| 54 |
/ 127.0.0.1 / ::1. As such, any time that a hosts unique name resolves |
| 55 |
to a non-unique address should be considered wrong. |
| 56 |
|
| 57 |
> Furthermore, LAN addresses and domains may change all the time on |
| 58 |
> say a roaming laptop, so setting up aliases against a temporary LAN |
| 59 |
> IP becomes cumbersome. |
| 60 |
|
| 61 |
I never allow an external DHCP server (et al.) to specify the local |
| 62 |
system's host name. Especially DHCP servers that I don't know, much |
| 63 |
less trust. |
| 64 |
|
| 65 |
People's names don't change when they move to a different address. At |
| 66 |
least this is the norm for the vast majority of people in the U.S.A. I |
| 67 |
assume the same for the rest of the world. |
| 68 |
|
| 69 |
> Yes, specifying a FQDN against localhost doesn't align with the |
| 70 |
> practice of most distros and a number of RFCs, therefore asking why |
| 71 |
> the handbook offers this guidance without qualifying it is worth |
| 72 |
> exploring further. |
| 73 |
|
| 74 |
Very good point. |
| 75 |
|
| 76 |
> We have already established the handbook suggestion creates breakage on |
| 77 |
> Samba with AD/DC, potentially on a webserver, and perhaps other server |
| 78 |
> applications. I agree using 127.0.0.1 for the special "localhost" |
| 79 |
> hostname is cleaner and in these use cases the right solution. |
| 80 |
|
| 81 |
Yes. |
| 82 |
|
| 83 |
> I recalled old bugs filed about this and had a look. I don't know of |
| 84 |
> other dev conversations/bugs and what might have produced the current |
| 85 |
> guidance in the handbook: |
| 86 |
> |
| 87 |
> https://bugs.gentoo.org/40203 |
| 88 |
> https://bugs.gentoo.org/53188 |
| 89 |
|
| 90 |
These hint at other underlying bugs / (mis)configuration issues. |
| 91 |
|
| 92 |
I can see why people might have chosen to hack around this problem by |
| 93 |
causing the host's name to resolve to 127.0.0.1 / ::1. -- However, |
| 94 |
I'll argue that a better solution would be to add an additional IP |
| 95 |
address to the lo (or dummy) interface and make the name resolve to that. |
| 96 |
|
| 97 |
> Interestingly you attracted my attention to the man page for the |
| 98 |
> hosts file, which I assume is installed by baselayout. I noticed |
| 99 |
> this example quoted at the bottom where 127.0.1.1 is used for the |
| 100 |
> host's FQDN: |
| 101 |
> |
| 102 |
> EXAMPLES |
| 103 |
> # The following lines are desirable for IPv4 capable hosts |
| 104 |
> 127.0.0.1 localhost |
| 105 |
> |
| 106 |
> # 127.0.1.1 is often used for the FQDN of the machine |
| 107 |
> 127.0.1.1 thishost.mydomain.org thishost |
| 108 |
|
| 109 |
You can probably guess that I think this is a bug which should be corrected. |
| 110 |
|
| 111 |
Or at the very least call out that this is inferior and can cause problems. |
| 112 |
|
| 113 |
> If the Gentoo handbook recommends something different, I think the devs |
| 114 |
> should at least qualify why this is so and potentially offer warnings |
| 115 |
> on use cases where the handbook recommendation is inappropriate and |
| 116 |
> must be deviated from. |
| 117 |
|
| 118 |
Agreed. |
| 119 |
|
| 120 |
Also, see prior comment about superior / everywhere vs inferior / not |
| 121 |
everywhere options. |
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
-- |
| 126 |
Grant. . . . |
| 127 |
unix || die |
Archives