Does Debian need the local host name in /etc/hosts for IPv6?
This article was updated, and the issue seems solved. Please look at the last paragraph before adding comments.
Exim has the habit of trying to find out about its host names and IP addresses when it starts up. This has, in the past, been an issue for the Debian packages, since a Debian system might be on a dial-on-demand modem line with expensive costs and thus should not do unnecessary DNS lookups when the MTA is started.
This article tries to describe the issue and which countermeasures Debian took, and asks for tips on how to solve this in the case of IPv6, where our past measures unfortunately do not directly apply.
I'd like to solicit opinions from people who are more experienced than me with Unix, the local resolver library including /etc/hosts and /etc/nsswitch.conf, DNS, and - especially - the customs that apply on a system running IPv6.
To avoid the extra DNS lookups, the Exim packages have a Debconf option to configure exim for "minimal DNS usage", which hardcodes the hostname into Exim's configuration at package configuration time. This was necessary since - without this option - exim looks up its own host name in the DNS even when a completely local operation is invoked.
In some cases, exim still looks up its IP address when a listening daemon starts up. This is why the Debian installer configures 127.0.1.1 (_not_ 127.0.0.1) for the local hostname on installation, yielding /etc/hosts files like
    127.0.0.1 localhost
    127.0.1.1 myfoo.localdomain myfoo
    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
However, in the last few weeks I have heard of a few cases where exim does IPv6 AAAA lookups when a listening daemon starts up. An strace shows a gethostbyname2 call for AF_INET6, and if we want to continue down the path we took in the past, we'd need an IPv6 address for myfoo.localdomain in /etc/hosts as well.
I am now wondering how this could be implemented. In IPv4, we have 127.0.0.0/8 available for the local host and could arbitrarily choose 127.0.1.1 to configure the local host name on. In IPv6, there is only ::1, which is a single address. Would it be possible to choose an arbitrary "link local" address on lo, the loopback interface? Or is there any better way?
This being said, I consider the entire 127.0.1.1 business a horrible hack which is one of the most ugly things I have ever seen. Do we have a chance to implement this in a cleaner way, or is it still the way to go for the distribution, where we don't know zilch about the environment where an installed system is going to be used?
This issue leads to people adding their local host name to ::1 in /etc/hosts, which might re-introduce other issues that we experienced in a phase when we did the same for 127.0.0.1, eventually ending up with 127.0.1.1, or to disabling IPv6 altogether, which is a bad thing in a time where IPv6 should be enabled, not disabled. So I'd like to find a clean solution which could then be implemented in whatever part of Debian might be responsible.
I tried asking this question in other places, including Usenet, before pestering my Blog to ask the Lazyweb, but obviously the people I asked before do not care for the special environment that a Linux distribution has to take care of. The only answers I got were like "that would be the local administrator's task to fix" and "this should be taken care of in the local DNS server/setup (maybe even on the local box being installed)". A quite frustrating experience.
The issue seems solved. To avoid the extra DNS lookups, the Debian Exim packages have a Debconf option to configure exim for "minimal DNS usage", which hardcodes the hostname into Exim's configuration at package configuration time. This - silently - doesn't happen if hostname --fqdn does not return a fully qualified name (#476249).
I am inclined to solve this issue by having update-exim4.conf print a warning if hostname --fqdn only returns a single-component name and leave the rest to the local admin.
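One way to check both conditions discussed above, as an added example that is not code from update-exim4.conf or the Debian packages: whether a name is fully qualified, and whether a hosts file maps it to both an IPv4 and an IPv6 address. The function names are hypothetical, the sample file is constructed from the layout shown in the article, and the warnings assume a resolver order where a miss in the hosts file falls through to the DNS.

```shell
# Added example: can the local host name be resolved from a hosts file
# alone, for both address families? Function names are hypothetical.

# is_fqdn NAME: succeeds if NAME has at least two non-empty components.
is_fqdn() {
    case "$1" in
        .*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# hosts_families NAME FILE: prints "4", "6", "46" or "" depending on which
# address families FILE maps NAME to (canonical name or alias, any case).
hosts_families() {
    awk -v name="$1" '
        BEGIN { name = tolower(name) }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # blank or address-only line
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == name) seen[($1 ~ /:/) ? "6" : "4"] = 1 }
        END { a = ("4" in seen) ? "4" : ""; b = ("6" in seen) ? "6" : ""; print a b }
    ' "$2"
}

# check_local_name NAME FILE: prints a one-line diagnosis.
check_local_name() {
    if ! is_fqdn "$1"; then
        echo "warning: '$1' is not fully qualified"
        return 0
    fi
    case "$(hosts_families "$1" "$2")" in
        46) echo "ok: '$1' has IPv4 and IPv6 entries" ;;
        4)  echo "warning: '$1' has no IPv6 entry, AAAA lookups may go to DNS" ;;
        6)  echo "warning: '$1' has no IPv4 entry, A lookups may go to DNS" ;;
        *)  echo "warning: '$1' is not in the hosts file" ;;
    esac
}

# Constructed sample: the hosts file layout shown in the article.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' '127.0.1.1 myfoo.localdomain myfoo' \
    '# The following lines are desirable for IPv6 capable hosts' \
    '::1 ip6-localhost ip6-loopback' > "$sample"
check_local_name myfoo.localdomain "$sample"
check_local_name myfoo "$sample"
rm -f "$sample"
```

On a live system the call would be `check_local_name "$(hostname --fqdn)" /etc/hosts`.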
anon on :
Fix bloody exim or use a local DNS caching daemon, hacks that associate the hostname with the "localhost" address break so many things it is not even funny.
Marc 'Zugschlus' Haber on :
Dear Anonymous, do you have examples of things that break with the way Debian has been doing it for years?
Installing an additional daemon is of course out of the question for a Debian default install.
As far as exim goes - I trust Philip Hazel enough to believe that he had a reason for implementing things as they are. However, I'll happily forward patches "fixing" this upstream for review and comments.
-thh on :
What is the problem with associating 127.0.0.1 with the hostname as well as with localhost?
Marc 'Zugschlus' Haber on :
I no longer remember it one hundred percent, but IIRC you then of course got nice things with the reverse lookup, which led MTAs and web servers to do such nice things as "HELO localhost.localdomain". I don't remember exactly any more, though; Debian has been doing the stunt with 127.0.1.1 for years.
-thh on :
Yes, true. But IIRC you can prevent that by putting the hostname at the start of the chain. Or something like that. *scratches head*
John Allen on :
Can't the DNS lookup be avoided by using the "gethostbyname" or "byname" options in exim?
I found an old thread about this: http://lists.exim.org/lurker/thread/20011111.195634.4cbcf3da.en.html
Marc 'Zugschlus' Haber on :
gethostbyname and byname influence exim's behavior during message delivery, which is not the issue here.
The old thread says that you need to set primary_hostname, which Debian has been doing in the "minimal DNS" configuration variant for years, but the lookups still happen under some circumstances and can be avoided by giving an IPv4 and an IPv6 address for the local host name in /etc/hosts.
Jeremy on :
If you want to use sudo, you're screwed. sudo uses gethostbyname(), and if, like me, you change your hostname and don't update /etc/hosts, you'll be locked out of your own system until you reboot into single-user mode and fix it manually.
edmonds on :
hmm, why is exim using gethostbyname2 at all? why isn't HAVE_GETIPNODEBYNAME set in OS/os.h-Linux?