1 |
On Saturday, 13 March 2021 19:01:05 GMT Grant Taylor wrote: |
2 |
> On 3/12/21 12:04 PM, Michael wrote: |
3 |
> > Right. That's the nub of it. Samba, with AD-DC and Kerberos |
4 |
> > configuration deserves special attention and the apps devs advise |
5 |
> > accordingly. |
6 |
> |
7 |
> I see it differently. |
8 |
> |
9 |
> There's the sloppy / slipshod way that doesn't negatively effect /most/ |
10 |
> things. Then there's the better / proper way that doesn't negatively |
11 |
> effect anything. |
12 |
> |
13 |
> I see no reason to ever do it the sloppy / slipshod way when it's simple |
14 |
> to do it the better / proper way. |
15 |
|
16 |
Yes, I won't argue against this all around rational position. |
17 |
|
18 |
|
19 |
> > Yes, I recall apache would fail if you tried to contact |
20 |
> > http://localhost or its FQDN from the server itself, with something |
21 |
> > like "... host name not valid for this server", but it would serve |
22 |
> > the default "It works!" webpage when the server's FQDN was called |
23 |
> > from clients. Anyway, all this is O/T from the main question. |
24 |
> |
25 |
> It is on topic as supporting evidence to why the main topic, having the |
26 |
> hostname on the 127.0.0.1 / ::1 IP in the /etc/hosts file, is a bad idea. |
27 |
> |
28 |
> > It doesn't, obviously the two files are fulfilling different purposes. |
29 |
> > You could however specify in the DC's host file any additional DNS |
30 |
> > servers in the AD DNS zone with their static IP addresses. I tend |
31 |
> > to do this and also check the hosts file in the first instance when I |
32 |
> > forget what other machines play some (important) role on the current |
33 |
> > host's functions. This is by no means a rule or even a recommendation |
34 |
> > for others to do the same. ;-) |
35 |
> |
36 |
> Ah. So you're (ab)using the /etc/hosts file as a form of documentation |
37 |
> to make life for future you easier. Fair enough. But call the spade |
38 |
> the spade that it is. State that you're putting the information there |
39 |
> for documentation purposes, not because it's needed for some other reason. |
40 |
> |
41 |
> > I wouldn't call it majorly "wrong" on a standalone desktop use case, in |
42 |
> > the sense that it shouldn't break things - I think. |
43 |
> |
44 |
> I would call a configuration that works in all cases to be superior to a |
45 |
> configuration that only works in some cases and fails in other cases. |
46 |
> As such I'm describing the inferior configuration as "wrong". |
47 |
|
48 |
Fair enough. It is clear to me your proposal won't break things. Quite the |
49 |
opposite it will eliminate the chance of being the cause of localhost |
50 |
misconfiguration breaking various services. The syntax of /etc/hosts as |
51 |
presently configured in the Gentoo handbook doesn't even agree with the hosts |
52 |
man page installed by baselayout - the man page I believe follows the Debian |
53 |
convention. |
54 |
|
55 |
|
56 |
> > Address 127.0.0.1 is for internal consumption, it won't be seen by the |
57 |
> > external network and the host can refer to itself as its user desires. |
58 |
> |
59 |
> External hosts will see the 127.0.0.1 / ::1 address when things, like |
60 |
> Kerberos, use gethostbyname() and put the returned value into traffic |
61 |
> that leaves the system. |
62 |
|
63 |
ACK. This and Samba AD is where this thread started I think. |
64 |
|
65 |
|
66 |
> Aside: localhost / 127.0.0.1 / ::1 is /not/ unique to any system. |
67 |
> Conversely a hosts name /is/ unique to /only/ the system. Thus anything |
68 |
> that wants the local host's unique name should never use / see localhost |
69 |
> / 127.0.0.1 / ::1. As such, any time that a hosts unique name resolves |
70 |
> to a non-unique address should be considered wrong. |
71 |
> |
72 |
> > Furthermore, LAN addresses and domains may change all the time on |
73 |
> > say a roaming laptop, so setting up aliases against a temporary LAN |
74 |
> > IP becomes cumbersome. |
75 |
> |
76 |
> I never allow an external DHCP server (et al.) to specify the local |
77 |
> system's host name. Especially DHCP servers that I don't know, much |
78 |
> less trust. |
79 |
> |
80 |
> People's names don't change when they move to a different address. At |
81 |
> least this is the norm for the vast majority of people in the U.S.A. I |
82 |
> assume the same for the rest of the world. |
83 |
|
84 |
I was talking about the domain name changing, not the host name. |
85 |
|
86 |
my_laptop.home.com |
87 |
|
88 |
my_laptop.work.com |
89 |
|
90 |
However, the hostname should be set in /etc/conf.d/hostname, or netifrc(?). |
91 |
|
92 |
|
93 |
> > Yes, specifying a FQDN against localhost doesn't align with the |
94 |
> > practice of most distros and a number of RFCs, therefore asking why |
95 |
> > the handbook offers this guidance without qualifying it is worth |
96 |
> > exploring further. |
97 |
> |
98 |
> Very good point. |
99 |
> |
100 |
> > We have already established the handbook suggestion creates breakage on |
101 |
> > Samba with AD/DC, potentially on a webserver, and perhaps other server |
102 |
> > applications. I agree using 127.0.0.1 for the special "localhost" |
103 |
> > hostname is cleaner and in these use cases the right solution. |
104 |
> |
105 |
> Yes. |
106 |
> |
107 |
> > I recalled old bugs filed about this and had a look. I don't know of |
108 |
> > other dev conversations/bugs and what might have produced the current |
109 |
> > guidance in the handbook: |
110 |
> > |
111 |
> > https://bugs.gentoo.org/40203 |
112 |
> > https://bugs.gentoo.org/53188 |
113 |
> |
114 |
> These hint at other underlying bugs / (mis)configuration issues. |
115 |
|
116 |
Right, the topic has been (re)visited a number of times. I wonder what has |
117 |
brought about the hosts file syntax in the current version of the Handbook. |
118 |
|
119 |
|
120 |
> I can see why people might have chosen to hack around this problem by |
121 |
> causing the host's name to resolve to 127.0.0.1 / ::1. -- However, |
122 |
> I'll argue that a better solution would be to add an additional IP |
123 |
> address to the lo (or dummy) interface and make the name resolve to that. |
124 |
> |
125 |
> > Interestingly you attracted my attention to the man page for the |
126 |
> > hosts file, which I assume is installed by baselayout. I noticed |
127 |
> > this example quoted at the bottom where 127.0.1.1 is used for the |
128 |
> > host's FQDN: |
129 |
> > |
130 |
> > EXAMPLES |
131 |
> > |
132 |
> > # The following lines are desirable for IPv4 capable hosts |
133 |
> > 127.0.0.1 localhost |
134 |
> > |
135 |
> > # 127.0.1.1 is often used for the FQDN of the machine |
136 |
> > 127.0.1.1 thishost.mydomain.org thishost |
137 |
> |
138 |
> You can probably guess that I think this is a bug which should be corrected. |
139 |
> |
140 |
> Or at the very least call out that this is inferior and can cause problems. |
141 |
|
142 |
|
143 |
Perhaps it is time to file a bug to propose a way forward both on the Handbook |
144 |
and the Wiki pages to ensure network configuration remains consistent across |
145 |
the documentation. |