
net: use Go DNS resolver when nsswitch.conf permits #10485

Closed
bradfitz opened this issue Apr 16, 2015 · 26 comments

@bradfitz
Member

commented Apr 16, 2015

We should prefer the Go DNS resolver (over libc's) if the /etc/nsswitch.conf file permits, to avoid the cgo & thread overhead.

Initial CL is https://go-review.googlesource.com/8945

But before I submit that, I want to gather a bunch of /etc/nsswitch.conf files from different systems for more test data.

Please post yours here if it's unique.

Please include the OS/distro/version information, and which interesting OS packages you might have installed (e.g. Avahi) or not. Whatever's interesting info.

Thanks.

@minux

Member

commented Apr 16, 2015

Here is the default one on the solaris builder

# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# /etc/nsswitch.conf:
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

passwd:     files
group:      files
hosts:      files mdns dns
ipnodes:    files mdns dns
networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup;  the system will 
#   figure it out pretty quickly, and won't use netgroups at all.
netgroup:   files
automount:  files
aliases:    files
services:   files
printers:   user files

auth_attr:  files
prof_attr:  files
project:    files

tnrhtp:     files
tnrhdb:     files
@minux

Member

commented Apr 16, 2015

This is the default one for the netbsd/386 builder:

#       $NetBSD: nsswitch.conf,v 1.6 2009/10/25 00:17:06 tsarna Exp $
#
# nsswitch.conf(5) -
#       name service switch configuration file
#


# These are the defaults in libc
#
group:          compat
group_compat:   nis
hosts:          files dns
netgroup:       files [notfound=return] nis
networks:       files
passwd:         compat
passwd_compat:  nis
shells:         files


# List of supported sources for each database
#
# group:                compat, dns, files, nis
# group_compat:         dns, nis
# hosts:                dns, files, nis, mdnsd, multicast_dns
# netgroup:             files, nis
# networks:             dns, files, nis
# passwd:               compat, dns, files, nis
# passwd_compat:        dns, nis
# shells:               dns, files, nis
@andybalholm


commented Apr 16, 2015

FreeBSD 10:

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/10.1/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
#
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
@andybalholm


commented Apr 16, 2015

Ubuntu 14.04:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
@abraithwaite

Contributor

commented Apr 17, 2015

Arch with Avahi.

# Begin /etc/nsswitch.conf

passwd: files
group: files
shadow: files
publickey: files

hosts: files mdns dns myhostname
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

# End /etc/nsswitch.conf
abraithwaite at arch in ~ 
$ pkgfile /etc/nsswitch.conf
core/filesystem
abraithwaite at arch in ~ 
$ pacman -Q filesystem
filesystem 2015.02-1
@lstep


commented Apr 17, 2015

Ubuntu 14.04.02

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files myhostname mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
@mdempsky

Member

commented Apr 17, 2015

On OpenBSD there's no nsswitch.conf file. Instead, host resolution database ordering is controlled by the "lookup" option in /etc/resolv.conf. E.g., "lookup bind file" (the default) means to check DNS, then fall back to /etc/hosts. There are also no "criterion" like in nsswitch.conf files, just a list of databases. See http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/resolv.conf.5

@cznic

Contributor

commented Apr 17, 2015

Linux 4670 3.16.0-34-generic #47-Ubuntu SMP Fri Apr 10 18:02:58 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
@dspezia

Contributor

commented Apr 17, 2015

Linux ncegcolnx329 3.0.13-0.27-default #1 SMP Wed Feb 15 13:33:49 UTC 2012 (d73692b) x86_64 x86_64 x86_64 GNU/Linux

A SLES11 SP2 box, running in a corporate environment using centrify:

passwd: centrifydc  files centrifydc
shadow: centrifydc  files centrifydc
group: centrifydc   files centrifydc

hosts:          files dns
networks:       files dns

services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files

bootparams:     files
automount:      files
aliases:        files
@mrauh


commented Apr 17, 2015

openSUSE 13.2
Linux 3.16.7-7-desktop SMP PREEMPT Wed Dec 17 18:00:44 UTC 2014 (762f27a) x86_64 x86_64 x86_64 GNU/Linux

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd: compat
group:  compat

hosts:      files mdns_minimal [NOTFOUND=return] dns
networks:   files dns

services:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
netgroup:   files nis
publickey:  files

bootparams: files
automount:  files nis
aliases:    files
@martisch

Member

commented Apr 17, 2015

Xen.org XCP Host 1.6.10-61809c

passwd:     files
shadow:     files
group:      files

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

Debian squeeze (6.0) LTS

passwd:         files [success=return notfound=continue unavail=continue tryagain=continue] ldap
group:          files [success=return notfound=continue unavail=continue tryagain=continue] ldap
shadow:         files [success=return notfound=continue unavail=continue tryagain=continue] ldap

hosts:          dns [success=return notfound=continue unavail=continue tryagain=continue] files [notfound=return]
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
@kornel661


commented Apr 17, 2015

Gentoo with net-dns/avahi-0.6.31-r6
Linux km-laptop 3.19.4-gentookm #1 SMP Tue Apr 14 11:19:18 BST 2015 x86_64 Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz GenuineIntel GNU/Linux

# /etc/nsswitch.conf:
# $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $

passwd:      compat
shadow:      compat
group:       compat

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files

@ptman


commented Apr 17, 2015

A customized file I've used on Ubuntu 10.04/12.04/14.04 with sssd:

passwd:         files sss
group:          files sss
shadow:         files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
@Thomasdezeeuw

Contributor

commented Apr 17, 2015

Ubuntu 14.10
Linux 3.16.0-33-generic #44-Ubuntu SMP Thu Mar 12 12:19:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
@iand

Contributor

commented Apr 17, 2015

Debian Jessie
Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt4-3 (2015-02-03) x86_64 GNU/Linux

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat
gshadow:        files

hosts:          files myhostname mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
@groob

Contributor

commented Apr 17, 2015

CoreOS

Linux coreos02 3.19.3 #2 SMP Wed Apr 15 03:01:09 UTC 2015 x86_64 Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz GenuineIntel GNU/Linux

# /etc/nsswitch.conf:

passwd:      files usrfiles
shadow:      files usrfiles
group:       files usrfiles

hosts:       files usrfiles dns
networks:    files usrfiles dns

services:    files usrfiles
protocols:   files usrfiles
rpc:         files usrfiles

ethers:      files
netmasks:    files
netgroup:    files
bootparams:  files
automount:   files
aliases:     files
@nightlyone

Contributor

commented Apr 17, 2015

Please note that .local doesn't imply avahi. It is a popular setup on large heterogeneous networks (e.g. Windows + Linux) to localize the effects of the DNS component of Active Directory to the "LAN". Sites which run that usually disable avahi for that to work, since they don't need it.

So a way to switch this assumption off in Go is needed.

@bradfitz

Member Author

commented Apr 17, 2015

@nightlyone, I know that local doesn't mean Avahi. But I also know that it's not a valid DNS TLD and Go doesn't do mDNS or Active Directory etc. So if it is seen, we use C like before. Why do you need a switch for that assumption?

@leelynne


commented Apr 17, 2015

Amazon Linux AMI 2014.09
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
passwd:     files
shadow:     files
group:      files
#hosts:     db files nisplus nis dns
hosts:      files dns
# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus
automount:  files
aliases:    files nisplus
@marineam

Contributor

commented Apr 17, 2015

As an extra kink for .local and avahi, it is actually configurable: (in /etc/avahi/avahi-daemon.conf)

[server]
#host-name=foo
#domain-name=local

Beyond avahi, unless there is an explicit and well documented switch to force the use of the libc resolver, this feels like a can of worms. There are a variety of options that can be set in /etc/host.conf (influences /etc/hosts), /etc/gai.conf (influences getaddrinfo in general) as well as the usual /etc/resolv.conf and /etc/nsswitch.conf. In the mind of a sysadmin or a distro maintainer I really need a way to tell Go to use libc because it isn't practical for Go to reliably know when its behavior differs from libc.

@martisch

Member

commented Apr 17, 2015

@bradfitz I would argue that local is a valid DNS top-level domain but it has special treatment as you say "Any DNS query for a name ending with ".local." MUST be sent to the mDNS IPv4 link-local multicast address 224.0.0.251" http://tools.ietf.org/html/rfc6762

@adrianojn


commented Apr 18, 2015

openSUSE 13.2
Linux opensuse 3.16.6-2-desktop #1 SMP PREEMPT Mon Oct 20 13:47:22 UTC 2014 (feb42ea) i686 i686 i386 GNU/Linux

passwd: compat
group:  compat

hosts:  files mdns_minimal [NOTFOUND=return] dns
networks:   files dns

services:   files
protocols:  files
rpc:    files
ethers: files
netmasks:   files
netgroup:   files nis
publickey:  files

bootparams: files
automount:  files nis
aliases:    files
@myfreeweb


commented Apr 19, 2015

FreeBSD 10.1, almost stock, but I've added mdns! I use Apple's mDNSResponder for zeroconf *.local on FreeBSD.

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/10.1/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
#
group: compat
group_compat: nis
hosts: files dns mdns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
@lpar


commented Apr 20, 2015

Fedora 21. I seem to recall that I modified it from stock in order to favor IPv6 for mDNS since more of my devices are IPv6 than IPv4. Initial comment paragraphs stripped.

passwd:     files
shadow:     files
group:      files
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files mdns_minimal [NOTFOUND=return] dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus
@lpar


commented Apr 20, 2015

Debian 7.8

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns6_minimal [NOTFOUND=return] dns mdns6 mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Same comments apply.

@mikioh mikioh added this to the Go1.5 milestone May 2, 2015

@mikioh

Contributor

commented May 2, 2015

@mikioh mikioh closed this May 2, 2015

@golang golang locked and limited conversation to collaborators Jun 25, 2016
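
An added example, not code from this thread or from the CL it links: a Go sketch of the kind of check the issue asks for, reading the `hosts:` line of an nsswitch.conf and deciding whether a resolver limited to /etc/hosts and unicast DNS could stand in for libc. The function names and the policy in `pureGoOK` (only `files` and `dns` allowed, any bracketed criterion falls back to libc) are assumptions of this example; the sample lines are `hosts:` entries posted in the comments above.

```go
package main

import (
	"fmt"
	"strings"
)

// hostsEntry returns the tokens of the "hosts:" line of an nsswitch.conf.
// A bracketed criterion such as "[success=return notfound=continue]" stays
// one token even when it contains spaces.
func hostsEntry(conf string) (tokens []string, found bool) {
	for _, line := range strings.Split(conf, "\n") {
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i] // drops comments and commented-out "#hosts:" lines
		}
		parts := strings.SplitN(line, ":", 2)
		if len(parts) != 2 || strings.TrimSpace(parts[0]) != "hosts" {
			continue
		}
		inCrit := false
		for _, f := range strings.Fields(strings.ToLower(parts[1])) {
			if inCrit {
				tokens[len(tokens)-1] += " " + f
			} else {
				tokens = append(tokens, f)
			}
			inCrit = (inCrit || strings.HasPrefix(f, "[")) && !strings.HasSuffix(f, "]")
		}
		return tokens, true
	}
	return nil, false
}

// pureGoOK is this example's policy (an assumption, not the CL's logic):
// only "files" and "dns" may appear; any other source or any criterion
// means libc has to answer.
func pureGoOK(conf string) (bool, string) {
	tokens, found := hostsEntry(conf)
	if !found || len(tokens) == 0 {
		return false, "no hosts sources listed"
	}
	for _, t := range tokens {
		switch {
		case t == "files" || t == "dns":
		case strings.HasPrefix(t, "["):
			return false, "criterion " + t
		default:
			return false, "source " + t
		}
	}
	return true, ""
}

func main() {
	// hosts lines as posted in the comments of this thread
	samples := []string{
		"hosts: files dns",
		"hosts:      files mdns dns",
		"#hosts:     db files nisplus nis dns\nhosts:      files dns",
		"hosts:          dns [success=return notfound=continue unavail=continue tryagain=continue] files [notfound=return]",
	}
	for _, s := range samples {
		ok, why := pureGoOK(s)
		fmt.Printf("%-5v %-40s %q\n", ok, why, s)
	}
}
```

Rejecting every criterion is deliberately conservative: a file such as the Debian squeeze one lists only `dns` and `files`, but its lookup order and stop conditions still differ from a fixed files-then-DNS resolver.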
