diff options
| author | Florian Klink <flokli@flokli.de> | 2021-07-23 02:28:32 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-23 02:28:32 +0200 |
| commit | 013e0890001024b10b2e08e55438b6df1a285ce7 (patch) | |
| tree | 1d6baa369ddf5c0e4cdd277eace8284384d3033e /nixos/doc/manual/from_md/release-notes | |
| parent | b09661d41fb93562fd53f31574dbf781b130ac44 (diff) | |
| parent | c1536f5c78ead2fdcb0ec11824d673638fa6a5f4 (diff) | |
| download | nixpkgs-013e0890001024b10b2e08e55438b6df1a285ce7.tar nixpkgs-013e0890001024b10b2e08e55438b6df1a285ce7.tar.gz nixpkgs-013e0890001024b10b2e08e55438b6df1a285ce7.tar.bz2 nixpkgs-013e0890001024b10b2e08e55438b6df1a285ce7.tar.lz nixpkgs-013e0890001024b10b2e08e55438b6df1a285ce7.tar.xz nixpkgs-013e0890001024b10b2e08e55438b6df1a285ce7.tar.zst nixpkgs-013e0890001024b10b2e08e55438b6df1a285ce7.zip | |
Merge pull request #130503 from flokli/nss-fix-ordering
nixos/systemd: fix NSS database ordering
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes')
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index ae9f97c139b..3695997f717 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -617,6 +617,77 @@ be removed in 22.05. </para> </listitem> + <listitem> + <para> + The order of NSS (host) modules has been brought in line with + upstream recommendations: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + The <literal>myhostname</literal> module is placed before + the <literal>resolve</literal> (optional) and + <literal>dns</literal> entries, but after + <literal>file</literal> (to allow overriding via + <literal>/etc/hosts</literal> / + <literal>networking.extraHosts</literal>, and prevent ISPs + with catchall-DNS resolvers from hijacking + <literal>.localhost</literal> domains) + </para> + </listitem> + <listitem> + <para> + The <literal>mymachines</literal> module, which provides + hostname resolution for local containers (registered with + <literal>systemd-machined</literal>) is placed to the + front, to make sure its mappings are preferred over other + resolvers. + </para> + </listitem> + <listitem> + <para> + If systemd-networkd is enabled, the + <literal>resolve</literal> module is placed before + <literal>files</literal> and + <literal>myhostname</literal>, as it provides the same + logic internally, with caching. + </para> + </listitem> + <listitem> + <para> + The <literal>mdns(_minimal)</literal> module has been + updated to the new priorities. + </para> + </listitem> + </itemizedlist> + <para> + If you use your own NSS host modules, make sure to update your + priorities according to these rules: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + NSS modules which should be queried before + <literal>resolved</literal> DNS resolution should use + mkBefore. + </para> + </listitem> + <listitem> + <para> + NSS modules which should be queried after + <literal>resolved</literal>, <literal>files</literal> and + <literal>myhostname</literal>, but before + <literal>dns</literal> should use the default priority + </para> + </listitem> + <listitem> + <para> + NSS modules which should come after <literal>dns</literal> + should use mkAfter. + </para> + </listitem> + </itemizedlist> + </listitem> </itemizedlist> </section> </section> |