current-users: Re: HEADS UP: nsswitch about to go `live' in NetBSD-current

Subject: Re: HEADS UP: nsswitch about to go `live' in NetBSD-current
To: Wolfgang Rupprecht <wolfgang@wsrcc.com>
From: Luke Mewburn <lukem@cs.rmit.edu.au>
List: current-users
Date: 01/17/1999 17:00:13
Some points (relating to this and other issues):

1.	The back-end nsswitch dispatcher (nsdispatch(3)) is a
	generic routine. For safety, if /etc/nsswitch.conf is
	absent, corrupt, or doesn't have an appropriate entry
	for the database requested, a source list of `files'
	will be returned.

	Whilst it is used by functions such as gethostbyname(3)
	for `hosts' lookups, getpwent(3) for `passwd' lookups,
	nsdispatch(3) doesn't need to know what the lookups are
	because it is generic.

	I strongly feel that putting in a hack into a generic
	libc routine to provide a specific default of `dns files'
	for `hosts' is not the correct orthagonal thing to do.
	It reeks of a hack, even if it is to maintain prior
	behaviour. I'd object to a similar hack to support
	`passwd: compat' by default too.

	As I've mentioned a few times; if we
		a) ship an working nsswitch.conf in /usr/src/etc that
		   maintains the behaviour that most people want
		b) prompt the user at install time incase they wish to
		   override this
		b) document in the INSTALL notes the the need to have
		   /etc/nsswitch.conf with `hosts:  .. dns ...' to get
		   DNS lookups
	then what's the problem? If upgrading user's don't read
	INSTALL notes, don't do a diff of etc.tar.gz, and things
	don't work then what more can we do to support people
	such as them?


2.	*If* the dispatch code was modified to provide a default
	(as Todd and others ask for), the argument then turns to
	``what do you make as the default''?

	Some people would want `dns files'.

	Others (including myself) would want `files dns', because
	it's `safer' (such as when you depend upon lookups to
	determine ifconfig/route information, and you have that
	in /etc/hosts, otherwise you introduce long delays at
	boot as the DNS lookups timeout). Michael K. Sanders also
	points out that you have `files dns' to prevent DNS spoofing
	of these addresses.


3. 	Wolfgang Rupprecht mentions:
	> Thanks!  I was wondering if I was the only one that had a
	> fondness for the traditional BSD defaults.
	> 
	> 	file-only before named/network is up
	> 	dns-only after named/network is up
	> 
	> Can't we please at least have the default (if the nswitch
	> file doesn't exist) be the current status quo???  

	As far as I'm aware, the behaviour mentioned (files only
	before network is available, dns only after) hasn't been
	in use in NetBSD or other systems I've checked such as
	Solaris and ULTRIX. In all three cases the lookups remain
	the way they were defined at boot time.

	If Wolfgang wants the behaviour he mentions he'd have to
	add something to /etc/rc which changes /etc/nsswitch.conf
	after the networking is up and running.

	Alternatively, he could just put `hosts: files dns' in
	/etc/nsswitch.conf, and keep /etc/hosts uptodate with those
	critical hostnames you need at boot...


Luke.