From af975abf45c0c1a63f0b1c6d51da24c1eff0eb11 Mon Sep 17 00:00:00 2001
From: Michele Bologna <michele.bologna@suse.com>
Date: Wed, 16 Sep 2020 00:09:01 +0200
Subject: [PATCH] Docs: add mdns.allow to troubleshooting section

I was resolution problems with Avahi on an openSUSE 15.2 host trying to
resolve a sumaform'ed Uyuni server:

```
opensuse # avahi-resolve -n uyuni.tf.local
uyuni.tf.local 192.168.122.154
ping: uyuni.tf.local: Name or service not known
PING 192.168.122.154 (192.168.122.154) 56(84) bytes of data.
64 bytes from 192.168.122.154: icmp_seq=1 ttl=64 time=0.245 ms
```

The problem disappears when I change Avahi configuration in the Uyuni
host to use the first-level domain `local` (instead of `tf.local`).

Turns out that in the newest version of `nss-mdns` (shipping with
OpenSUSE 15.2), second-level `.local` domains must be explicitly allowed
to be resolved in `/etc/mdns.allow` AND `mdns` (not `mdns_minimal`) must
be used in `nsswitch.conf`.
The latter is already covered in the troubleshooting, I took care of
adding the former information into the docs.

Upstream issue: https://github.com/lathiat/nss-mdns/issues/64
Upstream resolution (linked in sumaform docs):
https://github.com/lathiat/nss-mdns/blob/master/README.md#etcmdnsallow
---
 TROUBLESHOOTING.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/TROUBLESHOOTING.md b/TROUBLESHOOTING.md
index 67a35e820..baaf51bcb 100644
--- a/TROUBLESHOOTING.md
+++ b/TROUBLESHOOTING.md
@@ -39,6 +39,15 @@ hosts:          files mdns [NOTFOUND=return] dns
 ```
 `mdns` (optionally suffixed with `4` for IPv4-only or `6` for IPv6-only) should be present in this line. If it is not, add it.
 
+Starting with `nss-mdns` version 0.14.1, you also need to populate `/etc/mdns.allow` with:
+
+```
+.local.
+.local
+```
+
+`mdns.allow` is required to [force all .local domains to be resolved regardless of label count or unicast SOA records](https://github.com/lathiat/nss-mdns/blob/master/README.md#etcmdnsallow).
+
 ## Q: how can I work around slowness in resolution of `tf.local` mDNS/Zeroconf/Bonjour/Avahi names?
 
 If there is a 5-second delay on any name resolution (or ping) between Avahi hosts, a likely cause is that ipv6 is enabled on the VMs (that is the default setting) but the network is blocking ipv6 traffic.