man: stop recommending putting myhostname after dns

nss-resolve also looks in /etc/hosts, and has the same local hostname resolving logic as nss-myhostname. We shouldn't recommend another order than nss-resolve uses internally. When nss-resolve is used, there's no possibility to override nss-myhostname hosts via DNS *anyway*. On top of that, it's not a good idea to allow DNS to override local hostnames as all - at least not something we should advertise in the docs. Followup of f918c67d38ba6ccd4eb0dc657f3f3155e5010cae / https://github.com/systemd/systemd/pull/16754.
2025-01-23 02:04:32 +03:00 · 2021-07-01 22:11:27 +02:00 · 2021-07-01 22:11:27 +02:00 · ce266330fc
commit ce266330fc
parent b905f3bbba
1 changed files with 6 additions and 10 deletions
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@ -73,13 +73,12 @@
    <para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with
    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>

-    <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
-    and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known
-    names like <literal>localhost</literal> and the machine hostname are given higher priority than the
-    external configuration. This is recommended when the external DNS servers and network are not absolutely
-    trusted. In the second version, external configuration is given higher priority and
-    <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely
-    controlled networks, for example on a company LAN.</para>
+    <para>It is recommended to place <literal>myhostname</literal> after <literal>file</literal> and before <literal>dns</literal>.
+    This resolves well-known hostnames like <literal>localhost</literal>
+    and the machine hostnames locally. It is consistent with the behaviour
+    of <command>nss-resolve</command>, and still allows overriding via
+    <filename>/etc/hosts</filename>.
+    </para>
  </refsect1>

  <refsect1>
@ -95,10 +94,7 @@ shadow:         compat systemd
 gshadow:        files systemd


-# Either (untrusted network, see above):
 hosts:          mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
-# Or (only trusted networks):
-hosts:          mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
 networks:       files

 protocols:      db files