net: use Go DNS resolver when nsswitch.conf permits

[bradfitz]

We should prefer the Go DNS resolver (over libc's) if the /etc/nsswitch.conf file permits, to avoid the cgo & thread overhead.

Initial CL is https://go-review.googlesource.com/8945

But before I submit that, I want to gather a bunch of /etc/nsswitch.conf files from different systems for more test data.

Please post yours here if it's unique.

Please include the OS/distro/version information, and which interesting OS packages you might have installed (e.g. Avahi) or not. Whatever's interesting info.

Thanks.

[minux]

Here is the default one on the solaris builder

# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# /etc/nsswitch.conf:
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

passwd:     files
group:      files
hosts:      files mdns dns
ipnodes:    files mdns dns
networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup;  the system will 
#   figure it out pretty quickly, and won't use netgroups at all.
netgroup:   files
automount:  files
aliases:    files
services:   files
printers:   user files

auth_attr:  files
prof_attr:  files
project:    files

tnrhtp:     files
tnrhdb:     files

[minux]

This is the default one for the netbsd/386 builder:

#       $NetBSD: nsswitch.conf,v 1.6 2009/10/25 00:17:06 tsarna Exp $
#
# nsswitch.conf(5) -
#       name service switch configuration file
#


# These are the defaults in libc
#
group:          compat
group_compat:   nis
hosts:          files dns
netgroup:       files [notfound=return] nis
networks:       files
passwd:         compat
passwd_compat:  nis
shells:         files


# List of supported sources for each database
#
# group:                compat, dns, files, nis
# group_compat:         dns, nis
# hosts:                dns, files, nis, mdnsd, multicast_dns
# netgroup:             files, nis
# networks:             dns, files, nis
# passwd:               compat, dns, files, nis
# passwd_compat:        dns, nis
# shells:               dns, files, nis

[andybalholm]

FreeBSD 10:

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/10.1/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
#
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

[andybalholm]

Ubuntu 14.04:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[abraithwaite]

Arch with Avahi.

# Begin /etc/nsswitch.conf

passwd: files
group: files
shadow: files
publickey: files

hosts: files mdns dns myhostname
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

# End /etc/nsswitch.conf

abraithwaite at arch in ~ 
$ pkgfile /etc/nsswitch.conf
core/filesystem
abraithwaite at arch in ~ 
$ pacman -Q filesystem
filesystem 2015.02-1

[lstep]

Ubuntu 14.04.02

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files myhostname mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[mdempsky]

On OpenBSD there's no nsswitch.conf file. Instead, host resolution database ordering is controlled by the "lookup" option in /etc/resolv.conf. E.g., "lookup bind file" (the default) means to check DNS, then fall back to /etc/hosts. There are also no "criterion" like in nsswitch.conf files, just a list of databases. See http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/resolv.conf.5

[cznic]

Linux 4670 3.16.0-34-generic #47-Ubuntu SMP Fri Apr 10 18:02:58 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[dspezia]

Linux ncegcolnx329 3.0.13-0.27-default #1 SMP Wed Feb 15 13:33:49 UTC 2012 (d73692b) x86_64 x86_64 x86_64 GNU/Linux

A SLES11 SP2 box, running in a corporate environment using centrify:

passwd: centrifydc  files centrifydc
shadow: centrifydc  files centrifydc
group: centrifydc   files centrifydc

hosts:          files dns
networks:       files dns

services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files

bootparams:     files
automount:      files
aliases:        files

[mrauh]

openSUSE 13.2
Linux 3.16.7-7-desktop SMP PREEMPT Wed Dec 17 18:00:44 UTC 2014 (762f27a) x86_64 x86_64 x86_64 GNU/Linux

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd: compat
group:  compat

hosts:      files mdns_minimal [NOTFOUND=return] dns
networks:   files dns

services:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
netgroup:   files nis
publickey:  files

bootparams: files
automount:  files nis
aliases:    files

[martisch]

Xen.org XCP Host 1.6.10-61809c

passwd:     files
shadow:     files
group:      files

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

Debian squeeze (6.0) LTS

passwd:         files [success=return notfound=continue unavail=continue tryagain=continue] ldap
group:          files [success=return notfound=continue unavail=continue tryagain=continue] ldap
shadow:         files [success=return notfound=continue unavail=continue tryagain=continue] ldap

hosts:          dns [success=return notfound=continue unavail=continue tryagain=continue] files [notfound=return]
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[kornel661]

Gentoo with net-dns/avahi-0.6.31-r6
Linux km-laptop 3.19.4-gentookm #1 SMP Tue Apr 14 11:19:18 BST 2015 x86_64 Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz GenuineIntel GNU/Linux

# /etc/nsswitch.conf:
# $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $

passwd:      compat
shadow:      compat
group:       compat

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files

[ptman]

A customized file I've used on Ubuntu 10.04/12.04/14.04 with sssd:

passwd:         files sss
group:          files sss
shadow:         files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

[Thomasdezeeuw]

Ubuntu 14.10
Linux 3.16.0-33-generic #44-Ubuntu SMP Thu Mar 12 12:19:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[iand]

Debian Jessie
Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt4-3 (2015-02-03) x86_64 GNU/Linux

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat
gshadow:        files

hosts:          files myhostname mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[groob]

CoreOS

Linux coreos02 3.19.3 #2 SMP Wed Apr 15 03:01:09 UTC 2015 x86_64 Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz GenuineIntel GNU/Linux

# /etc/nsswitch.conf:

passwd:      files usrfiles
shadow:      files usrfiles
group:       files usrfiles

hosts:       files usrfiles dns
networks:    files usrfiles dns

services:    files usrfiles
protocols:   files usrfiles
rpc:         files usrfiles

ethers:      files
netmasks:    files
netgroup:    files
bootparams:  files
automount:   files
aliases:     files

[nightlyone]

Please note, that .local doesn't imply avahi. It is a popular setup on large heterogeneous networks (e.g. Windows + Linux) to localize the effects of the DNS component of Active Directory to the "LAN". Sites which run that usually disable avahi for that to work, since they don't need it.

So a way to switch this assumption off in Go is needed.

[bradfitz]

@nightlyone, I know that local doesn't mean Avahi. But I also know that it's not a valid DNS TLD and Go doesn't do mDNS or Active Directory etc. So if it is seen, we use C like before. Why do you need a switch for that assumption?

[leelynne]

Amazon Linux AMI 2014.09
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
passwd:     files
shadow:     files
group:      files
#hosts:     db files nisplus nis dns
hosts:      files dns
# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus
automount:  files
aliases:    files nisplus

[marineam]

As an extra kink for .local and avahi, it is actually configurable: (in /etc/avahi/avahi-daemon.conf)

[server]
#host-name=foo
#domain-name=local

Beyond avahi unless there is an explicit and well documented switch to force the use of the libc resolver this feels like a can of worms. There are a variety of options that can be set in /etc/host.conf (influences /etc/hosts) /etc/gai.conf (influences getaddrinfo in general) as well as the usual /etc/resolv.conf and /etc/nsswitch.conf. In the mind of a sysadmin or a distro maintainer I really need a way to tell Go to use libc because it isn't practical for Go to reliably know when its behavior differs from libc.

[martisch]

@bradfitz i would argue that local is a valid dns top-level domain but it has special treatment as you say "Any DNS query for a name ending with ".local." MUST be sent to the mDNS IPv4 link-local multicast address 224.0.0.251" http://tools.ietf.org/html/rfc6762

[adrianojn]

openSUSE 13.2
Linux opensuse 3.16.6-2-desktop #1 SMP PREEMPT Mon Oct 20 13:47:22 UTC 2014 (feb42ea) i686 i686 i386 GNU/Linux

passwd: compat
group:  compat

hosts:  files mdns_minimal [NOTFOUND=return] dns
networks:   files dns

services:   files
protocols:  files
rpc:    files
ethers: files
netmasks:   files
netgroup:   files nis
publickey:  files

bootparams: files
automount:  files nis
aliases:    files

[valpackett]

FreeBSD 10.1, almost stock, but I've added mdns! I use Apple's mDNSResponder for zeroconf *.local on FreeBSD.

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/10.1/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
#
group: compat
group_compat: nis
hosts: files dns mdns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

[lpar]

Fedora 21. I seem to recall that I modified it from stock in order to favor IPv6 for mDNS since more of my devices are IPv6 than IPv4. Initial comment paragraphs stripped.

passwd:     files
shadow:     files
group:      files
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files mdns_minimal [NOTFOUND=return] dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

[lpar]

Debian 7.8

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns6_minimal [NOTFOUND=return] dns mdns6 mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Same comments apply.

[mikioh]

Looks like this issue was fixed by https://go.googlesource.com/go/+/4a0ba7aa171a80fe798811a3fdc7c42b83dcda01.