acquiring hostname from reverse DNS needs to consider resolver configuration
Back Story
The systemd change to use fedora as the fallback hostname instead of localhost in Fedora 33 (see BZ#1892235) has led me to dig into Network Manager a bit more.
In Fedora 33 (NM v1.26.4) the priority is:
/* Hostname precedence order:
*
* 1) a configured hostname (from settings)
* 2) automatic hostname from the default device's config (DHCP, VPN, etc)
* 3) the last hostname set outside NM
* 4) reverse-DNS of the best device's IPv4 address
*
*/
Unfortunately, because of the fallback hostname change this means that step 3 will succeed and return fedora because the check for nm_utils_is_specific_hostname() won't reject it.
Which means that reverse DNS never gets tried (at least for current NM in Fedora 33 (NetworkManager-1.26.4-1.fc33.x86_64)).
This caused me to look upstream to see if NM had accounted for this.
Upstream bug
Good news. It turns out that recently 09c83871 slightly changed the priority of things to:
/* Hostname precedence order:
*
* 1) a configured hostname (from settings)
* 2) automatic hostname from DHCP of eligible interfaces
* 3) reverse-DNS lookup of the first address on eligible interfaces
* 4) the last hostname set outside NM
*/
I started to test it out. Found one bug that was fixed by 5b9479a7. Now with that fix I tested things out to see if setting the hostname via reverse DNS happens. It works!
But what if systemd-resolved is disabled? It doesn't work
Another change introduced in Fedora 33 was that systemd-resolved was enabled by default. Additionally the nsswitch.conf file was changed from:
[vagrant@vanilla-f32 ~]$ grep '^hosts' /etc/nsswitch.conf
hosts: files dns myhostname
to
[vagrant@vanilla-f33 ~]$ grep '^hosts' /etc/nsswitch.conf
hosts: files resolve [!UNAVAIL=return] myhostname dns
Findings:
If systemd-resolved is enabled:
- if reverse DNS queries work then it (latest NM that contains 5b9479a7 and newer) will give you the right answer for getting the hostname from rDNS. ✅
- if reverse DNS queries don't work then it gives you fedora (the fallback hostname set by systemd on F33). It would be preferable here in our specific case if it failed so we could fall through to the NM logic in 4) rather than band aid over the failure with its own logic (which is useful in cases other than this). ⚠️
If systemd-resolved isn't enabled:
- then it falls through directly to myhostname now, which just returns fedora now on F33, so we never fall through to dns. ❌
Considering all of these variables I think it would make sense to modify the piece of the code that tries to query DNS to set the hostname to only consider the dns nss module for hosts. I can't think of a good reason you'd want the hostname-from-dns strategy to get the answer from the local machine.
I noticed at least for getent you can override the module used to just set it to dns. In the following example I highlight the different answer returned from the myhostname module vs the dns module.
[core@fedora ~]$ getent -s hosts:myhostname hosts 45.32.216.252
45.32.216.252 fedora
[core@fedora ~]$
[core@fedora ~]$ getent -s hosts:dns hosts 45.32.216.252
45.32.216.252 45.32.216.252.vultr.com
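
The nsswitch behaviour described in the findings can be modelled offline to see which module ends a reverse lookup. This is an added example, not code from the original report or from NetworkManager; the function names are hypothetical and the per-module statuses are constructed assumptions that follow the findings above.

```python
import re

# Statuses an NSS module can report; glibc's default action is to return
# on SUCCESS and continue to the next module on anything else.
STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
DEFAULTS = {s: ("return" if s == "SUCCESS" else "continue") for s in STATUSES}

# The two "hosts:" lines quoted in the report.
F32_HOSTS = "hosts: files dns myhostname"
F33_HOSTS = "hosts: files resolve [!UNAVAIL=return] myhostname dns"

def parse_hosts_line(line):
    """Return [(module, {status: action})] for an nsswitch.conf hosts line."""
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        for crit in tok[1:-1].split():          # e.g. "!UNAVAIL=return"
            status, action = crit.upper().split("=")
            negate = status.startswith("!")
            for s in STATUSES:                   # "!" matches every other status
                if (s == status.lstrip("!")) != negate:
                    chain[-1][1][s] = action.lower()
    return chain

def answering_module(line, status_of):
    """Name of the module whose SUCCESS ends the lookup, or None."""
    for module, actions in parse_hosts_line(line):
        status = status_of.get(module, "NOTFOUND")
        if actions[status] == "return":
            return module if status == "SUCCESS" else None
    return None

# Constructed scenario: reverse lookup of the machine's own address, which has
# a PTR record, is not in /etc/hosts, and systemd-resolved is not running.
RESOLVED_OFF = {"files": "NOTFOUND", "resolve": "UNAVAIL",
                "myhostname": "SUCCESS", "dns": "SUCCESS"}

if __name__ == "__main__":
    for name, line in (("F32", F32_HOSTS), ("F33", F33_HOSTS), ("dns only", "hosts: dns")):
        print(f"{name:9} answered by {answering_module(line, RESOLVED_OFF)}")
```

With the F33 line the walk stops at myhostname even though a PTR record exists, while a lookup restricted to the dns module (what getent -s hosts:dns does above) reaches DNS.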