| 1 |
On Saturday, 13 March 2021 19:01:05 GMT Grant Taylor wrote: |
| 2 |
> On 3/12/21 12:04 PM, Michael wrote: |
| 3 |
> > Right. That's the nub of it. Samba, with AD-DC and Kerberos |
| 4 |
> > configuration deserves special attention and the apps devs advise |
| 5 |
> > accordingly. |
| 6 |
> |
| 7 |
> I see it differently. |
| 8 |
> |
| 9 |
> There's the sloppy / slipshod way that doesn't negatively effect /most/ |
| 10 |
> things. Then there's the better / proper way that doesn't negatively |
| 11 |
> effect anything. |
| 12 |
> |
| 13 |
> I see no reason to ever do it the sloppy / slipshod way when it's simple |
| 14 |
> to do it the better / proper way. |
| 15 |
|
| 16 |
Yes, I won't argue against this all around rational position. |
| 17 |
|
| 18 |
|
| 19 |
> > Yes, I recall apache would fail if you tried to contact |
| 20 |
> > http://localhost or its FQDN from the server itself, with something |
| 21 |
> > like "... host name not valid for this server", but it would serve |
| 22 |
> > the default "It works!" webpage when the server's FQDN was called |
| 23 |
> > from clients. Anyway, all this is O/T from the main question. |
| 24 |
> |
| 25 |
> It is on topic as supporting evidence to why the main topic, having the |
| 26 |
> hostname on the 127.0.0.1 / ::1 IP in the /etc/hosts file, is a bad idea. |
| 27 |
> |
| 28 |
> > It doesn't, obviously the two files are fulfilling different purposes. |
| 29 |
> > You could however specify in the DC's host file any additional DNS |
| 30 |
> > servers in the AD DNS zone with their static IP addresses. I tend |
| 31 |
> > to do this and also check the hosts file in the first instance when I |
| 32 |
> > forget what other machines play some (important) role on the current |
| 33 |
> > host's functions. This is by no means a rule or even a recommendation |
| 34 |
> > for others to do the same. ;-) |
| 35 |
> |
| 36 |
> Ah. So you're (ab)using the /etc/hosts file as a form of documentation |
| 37 |
> to make life for future you easier. Fair enough. But call the spade |
| 38 |
> the spade that it is. State that you're putting the information there |
| 39 |
> for documentation purposes, not because it's needed for some other reason. |
| 40 |
> |
| 41 |
> > I wouldn't call it majorly "wrong" on a standalone desktop use case, in |
| 42 |
> > the sense that it shouldn't break things - I think. |
| 43 |
> |
| 44 |
> I would call a configuration that works in all cases to be superior to a |
| 45 |
> configuration that only works in some cases and fails in other cases. |
| 46 |
> As such I'm describing the inferior configuration as "wrong". |
| 47 |
|
| 48 |
Fair enough. It is clear to me your proposal won't break things. Quite the |
| 49 |
opposite it will eliminate the chance of being the cause of localhost |
| 50 |
misconfiguration breaking various services. The syntax of /etc/hosts as |
| 51 |
presently configured in the Gentoo handbook doesn't even agree with the hosts |
| 52 |
man page installed by baselayout - the man page I believe follows the Debian |
| 53 |
convention. |
| 54 |
|
| 55 |
|
| 56 |
> > Address 127.0.0.1 is for internal consumption, it won't be seen by the |
| 57 |
> > external network and the host can refer to itself as its user desires. |
| 58 |
> |
| 59 |
> External hosts will see the 127.0.0.1 / ::1 address when things, like |
| 60 |
> Kerberos, use gethostbyname() and put the returned value into traffic |
| 61 |
> that leaves the system. |
| 62 |
|
| 63 |
ACK. This and Samba AD is where this thread started I think. |
| 64 |
|
| 65 |
|
| 66 |
> Aside: localhost / 127.0.0.1 / ::1 is /not/ unique to any system. |
| 67 |
> Conversely a hosts name /is/ unique to /only/ the system. Thus anything |
| 68 |
> that wants the local host's unique name should never use / see localhost |
| 69 |
> / 127.0.0.1 / ::1. As such, any time that a hosts unique name resolves |
| 70 |
> to a non-unique address should be considered wrong. |
| 71 |
> |
| 72 |
> > Furthermore, LAN addresses and domains may change all the time on |
| 73 |
> > say a roaming laptop, so setting up aliases against a temporary LAN |
| 74 |
> > IP becomes cumbersome. |
| 75 |
> |
| 76 |
> I never allow an external DHCP server (et al.) to specify the local |
| 77 |
> system's host name. Especially DHCP servers that I don't know, much |
| 78 |
> less trust. |
| 79 |
> |
| 80 |
> People's names don't change when they move to a different address. At |
| 81 |
> least this is the norm for the vast majority of people in the U.S.A. I |
| 82 |
> assume the same for the rest of the world. |
| 83 |
|
| 84 |
I was talking about the domain name changing, not the host name. |
| 85 |
|
| 86 |
my_laptop.home.com |
| 87 |
|
| 88 |
my_laptop.work.com |
| 89 |
|
| 90 |
However, the hostname should be set in /etc/conf.d/hostname, or netifrc(?). |
| 91 |
|
| 92 |
|
| 93 |
> > Yes, specifying a FQDN against localhost doesn't align with the |
| 94 |
> > practice of most distros and a number of RFCs, therefore asking why |
| 95 |
> > the handbook offers this guidance without qualifying it is worth |
| 96 |
> > exploring further. |
| 97 |
> |
| 98 |
> Very good point. |
| 99 |
> |
| 100 |
> > We have already established the handbook suggestion creates breakage on |
| 101 |
> > Samba with AD/DC, potentially on a webserver, and perhaps other server |
| 102 |
> > applications. I agree using 127.0.0.1 for the special "localhost" |
| 103 |
> > hostname is cleaner and in these use cases the right solution. |
| 104 |
> |
| 105 |
> Yes. |
| 106 |
> |
| 107 |
> > I recalled old bugs filed about this and had a look. I don't know of |
| 108 |
> > other dev conversations/bugs and what might have produced the current |
| 109 |
> > guidance in the handbook: |
| 110 |
> > |
| 111 |
> > https://bugs.gentoo.org/40203 |
| 112 |
> > https://bugs.gentoo.org/53188 |
| 113 |
> |
| 114 |
> These hint at other underlying bugs / (mis)configuration issues. |
| 115 |
|
| 116 |
Right, the topic has been (re)visited a number of times. I wonder what has |
| 117 |
brought about the hosts file syntax in the current version of the Handbook. |
| 118 |
|
| 119 |
|
| 120 |
> I can see why people might have chosen to hack around this problem by |
| 121 |
> causing the host's name to resolve to 127.0.0.1 / ::1. -- However, |
| 122 |
> I'll argue that a better solution would be to add an additional IP |
| 123 |
> address to the lo (or dummy) interface and make the name resolve to that. |
| 124 |
> |
| 125 |
> > Interestingly you attracted my attention to the man page for the |
| 126 |
> > hosts file, which I assume is installed by baselayout. I noticed |
| 127 |
> > this example quoted at the bottom where 127.0.1.1 is used for the |
| 128 |
> > host's FQDN: |
| 129 |
> > |
| 130 |
> > EXAMPLES |
| 131 |
> > |
| 132 |
> > # The following lines are desirable for IPv4 capable hosts |
| 133 |
> > 127.0.0.1 localhost |
| 134 |
> > |
| 135 |
> > # 127.0.1.1 is often used for the FQDN of the machine |
| 136 |
> > 127.0.1.1 thishost.mydomain.org thishost |
| 137 |
> |
| 138 |
> You can probably guess that I think this is a bug which should be corrected. |
| 139 |
> |
| 140 |
> Or at the very least call out that this is inferior and can cause problems. |
| 141 |
|
| 142 |
|
| 143 |
Perhaps it is time to file a bug to propose a way forward both on the Handbook |
| 144 |
and the Wiki pages to ensure network configuration remains consistent across |
| 145 |
the documentation. |
Archives