Why does nss-mdns query the default DNS before avahi? #79

Open
Mek101 opened this issue May 1, 2021 · 12 comments

@Mek101

Mek101 commented May 1, 2021

Trying to resolve my local network's server name can take up to 14 seconds on all my local devices.
The avahi daemon cache is enabled on my Arch, Manjaro and Linux Mint clients, as well as in my Void-Linux musl server.

[mek101@arch-aspire ~]$ time getent hosts home-server.local
fe80::be5f:f4ff:fef8:2c96 home-server.local

real	0m14,026s
user	0m0,005s
sys	0m0,007s
[mek101@arch-aspire ~]$ time getent hosts home-server.local -s mdns
fe80::be5f:f4ff:fef8:2c96 home-server.local

real	0m8,323s
user	0m0,001s
sys	0m0,012s
[mek101@arch-aspire ~]$ time getent hosts home-server.local -s mdns_minimal
fe80::be5f:f4ff:fef8:2c96 home-server.local

real	0m5,087s
user	0m0,001s
sys	0m0,009s
[mek101@arch-aspire ~]$ time getent hosts home-server.local -s mdns4
192.168.0.100   home-server.local

real	0m14,045s
user	0m0,002s
sys	0m0,007s
[mek101@arch-aspire ~]$ time getent hosts home-server.local -s mdns4_minimal
192.168.0.100   home-server.local

real	0m5,279s
user	0m0,000s
sys	0m0,010s
@Mek101
Author

Mek101 commented May 3, 2021

Apparently the slow name resolution was caused by my router setting itself as the default DNS and timing out: https://unix.stackexchange.com/questions/647832/why-does-getent-default-to-station-if-no-tld-is-specified

Still, why does the mdns option in /etc/nsswitch.conf query the default DNS before avahi? Analyzing getent behavior with strace, it seems to query the DNS even with the -s mdns4 option.

Mek101 changed the title from "Slow name resolution" to "Why does nss-mdns query the default DNS before avahi?" on May 3, 2021
@pemensik
Member

According to README.md, it is clearly documented that mdns does an SOA query for the local. DNS domain, checking whether it is handled by a DNS server. If your DNS server just times out, resolution time might be quite long. Consider using just mdns_minimal, which tries resolution of *.local using mdns only. Or fix your DNS server to respond. Unless the local domain is served by DNS, I doubt there is any good reason to have the mdns plugin enabled as well.

@Mek101
Author

Mek101 commented May 14, 2021

> Consider using just mdns_minimal

I changed my nsswitch.conf to hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname, but I'm seeing the same behavior.

> Or fix your DNS server to respond.

Unfortunately I can't do that; I'm using a Vodafone Power Station and I don't have access to its dnsmasq configuration because of vendor lockdown.

@pemensik
Member

Oh, I can see similar results only when names are not found. It is strange. Okay, even mdns*_minimal queries the local DNS. Can you change the configured DNS to your own server? Unless the provider has a reliable one, can you update the DHCP-offered DNS server to something not broken? As a workaround, you should still be able to override the DNS server in network manager only for your machine.

@pemensik
Member

It queries the localhost DNS to check whether a local. domain exists in DNS. If it does, it would not use Avahi for multicast lookup, but use just DNS. I haven't found any way to skip this check and force an avahi lookup. The only difference between mdns_minimal and mdns is that it does not try to read the /etc/mdns.allow file. But it still performs the local. SOA test in both cases.

@agoode
Collaborator

agoode commented May 15, 2021

You should be able to disable the SOA checking if you switch to the non-minimal library and configure mdns.allow. See https://github.com/lathiat/nss-mdns#etcmdnsallow and search for the word "heuristic".

Let me know how it works.

@Mek101
Author

Mek101 commented May 15, 2021

@pemensik

> Can you change configured DNS to your own server?

The power station sets itself as the first dns name resolver anyway

> Unless provider has reliable one, can you update DHCP offered DNS server to something not broken?

I use both my server as a dns and 9.9.9.9

@agoode
Will try

@Mek101
Author

Mek101 commented May 16, 2021

I created a /etc/mdns.allow with the following content as suggested by the readme:

.local.
.local

And changed my /etc/nsswitch.conf line to

hosts: files mdns4 [NOTFOUND=return] dns myhostname

But getent still queries the DNS!
From strace getent hosts home-server.local:

connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16) = 0
poll([{fd=3, events=POLLOUT}], 1, 0)    = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "Jl\1\0\0\1\0\0\0\0\0\0\vhome-server\5local\0\0"..., 35, MSG_NOSIGNAL, NULL, 0) = 35

I already tried rebooting

@agoode
Collaborator

agoode commented May 16, 2021

Thanks for doing the strace. Are you able to observe the binary reading mdns.allow and successfully reading the contents? If it does so, then no unicast DNS should happen.

@Mek101
Author

Mek101 commented May 17, 2021

On my Manjaro machine, it reads /etc/mdns.allow after having queried the DNS!
strace getent hosts home-server.local: strace.txt

/etc/mdns.allow is opened at line 224 of the log, while the dns are queried from line 133

@tomeq82

tomeq82 commented Oct 13, 2021

I'm observing the very same behavior on Ubuntu 20.04.3, fully updated. No matter whether I use systemd-resolved or not, with the avahi daemon running or not, it seems that the UDP 5353 queries for any .local do not work at all... I did some tcpdumps, to no avail.

@pemensik
Member

Ah, yes, reproduced that. That query to DNS is in fact an AAAA query, which is NOT handled by mdns4. When I replaced mdns4 with just mdns, it does not reach DNS at all.

hosts:      files myhostname mdns4 [NOTFOUND=return] resolve [!UNAVAIL=return] dns
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (Adresář nebo soubor neexistuje)
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (Adresář nebo soubor neexistuje)
connect(3, {sa_family=AF_UNIX, sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 ENOENT (Adresář nebo soubor neexistuje)
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0

hosts:      files myhostname mdns [NOTFOUND=return] resolve [!UNAVAIL=return] dns
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (Adresář nebo soubor neexistuje)
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (Adresář nebo soubor neexistuje)
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0

Now the question is, whether mdns4_minimal is a good default configuration in this case. It seems wrong to me.
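
One way to check a strace capture for the behaviour discussed in this thread, as an added example that is not part of the original discussion or of nss-mdns: it lists, in order, the resolvers the process successfully connected to, so a unicast DNS query for a .local name shows up ahead of the Avahi socket. The function names are hypothetical, and the two sample traces are abridged from the last comment with the localized errno text dropped.

```python
import re

# One strace connect() line: address family, sockaddr body, return value.
CONNECT = re.compile(r'connect\(\d+, \{sa_family=(AF_\w+), (.*)\}, \d+\) = (-?\d+)')
PORT = re.compile(r'sin6?_port=htons\((\d+)\)')
PATH = re.compile(r'sun_path="([^"]+)"')

# Sample input: abridged from the two traces in the last comment above
# (failed socket lookups kept, localized errno text dropped).
MDNS4_TRACE = '''\
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT
connect(3, {sa_family=AF_UNIX, sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 ENOENT
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0
'''
MDNS_TRACE = '''\
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/avahi-daemon/socket"}, 110) = 0
'''

def classify(line):
    """Return 'unicast-dns', 'avahi' or None for one strace line."""
    m = CONNECT.search(line)
    if not m or m.group(3) != "0":      # skip failed connects such as ENOENT
        return None
    family, body = m.group(1), m.group(2)
    if family == "AF_UNIX":
        p = PATH.search(body)
        return "avahi" if p and p.group(1).endswith("/avahi-daemon/socket") else None
    port = PORT.search(body)            # AF_INET / AF_INET6 socket
    return "unicast-dns" if port and port.group(1) == "53" else None

def resolver_order(strace_text):
    """Resolvers the process successfully connected to, in call order."""
    return [c for c in map(classify, strace_text.splitlines()) if c]

def queries_unicast_dns(strace_text):
    """True if the name was sent to a DNS server on port 53."""
    return "unicast-dns" in resolver_order(strace_text)

if __name__ == "__main__":
    for label, trace in (("mdns4", MDNS4_TRACE), ("mdns", MDNS_TRACE)):
        print(label, resolver_order(trace), "unicast DNS:", queries_unicast_dns(trace))
```

The input is what `strace -e trace=connect getent hosts <name>` writes to stderr; only successful connects are counted, so a missing nscd or systemd-resolved socket does not show up in the result.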
