Placement of "myhostname" inside "/etc/nsswitch.conf"

It appears that with the recent versions of Fedora (>= 33?) the default placement of “myhostname” inside the “/etc/nsswitch.conf” file is after “files”.

hosts: files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

This, however, no longer allows DNS services to resolve the hostname to its FQDN. When trying to join a domain, it will even fail for that reason.

While I can work around it by manually placing it where it used to be (in between “resolve” and “dns”)…

hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] myhostname dns

… as soon as I join the machine, it starts some processes in the background and flips it right back to before my change. While the joining works and I can, of course, throw it back to where I placed it 5 minutes ago again, I fear that without a proper configuration, this may as well be undone again in the future at a time I least expect it to happen.

I want to avoid adding the immutable attribute to that file as it may have other consequences and/or using a script in a cron job to watch that my settings are keeping sane.

My impression is that this may have been introduced at the same time SystemD ResolveD was introduced (maybe even due to its introduction), but cannot be sure.

Re-reading “/etc/nsswitch.conf”, I can see in its comments:

myhostname Use systemd host names

So, it indeed appears to originate from SystemD ResolveD.

Since I doubt that SystemD ResolveD is all but a short-time farce, which will pass by, it may be better to get this properly configured. Its default settings at least do not seem to care too much about the very reason it was developed to replace (which includes other DNS services to resolve its own hostname to the FQDN).

Is there a way to configure SystemD ResolveD to accept that there are DNS servers out there to resolve the hostname for it or is the only way really the above dodgy workaround and/or to get rid of it entirely?

1 Like

You probably need the following:

sudo nmcli connection show
sudo nmcli connection modify id CON_NAME \
    ipv4.dns-search "" \
    ipv6.dns-search ""
sudo nmcli connection up id CON_NAME

It works for me like this:

> nmcli -g ipv4.dns-search,ipv6.dns-search connection show id wg0

> grep -e ^hosts: /etc/nsswitch.conf
hosts: files resolve myhostname

> grep -e ^search /etc/resolv.conf

> readlink -f /etc/resolv.conf

> getent hosts ${HOSTNAME%%.*}

> nslookup ${HOSTNAME%%.*}

Non-authoritative answer:
Address: 2001:0db8:85a3::7334

> resolvectl --legend=no query ${HOSTNAME%%.*}
fedora: 2001:0db8:85a3::7334               -- link: wg0

> resolvectl --no-pager status wg0 
Link 5 (wg0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server:
       DNS Servers: 2001:4860:4860::8888 2001:4860:4860::8844
        DNS Domain: ~.

> cat /etc/systemd/resolved.conf.d/00-custom.conf 

According to your output, you have changed “/etc/nsswitch.conf” as well, effectively doing the same workaround as I did and “disabled” myhostname (since resolve already provides a valid answer).

The main problem I describe is that myhostname is getting “corrected” to the second position after files. As a workaround I did change it to the second-last position (between resolve and dns, where it used to be). However, when joining the domain (realm join <domain>), this change is getting reverted to myhostname being at the second position.

I mean, I can possibly add the FQDN to my host in the “/etc/hosts” file, since it is getting read first by default. But this is like hard-coding the name. All I am looking forward to is that SystemD ResolveD is playing nice by receiving and using the host name as outlined by the DNS service.

So, my question was (and still is): How do I configure SystemD ResolveD to resolve/receive the FQDN of my computer as seen on the network (ideally without hard-coding it into “/etc/hosts” or workarounds which can revert at the least expected moment)?

1 Like
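An added example, not part of the thread or of any Fedora tooling: a POSIX shell check that parses the hosts: line and reports whether myhostname is consulted before resolve or dns, the ordering the original poster reports as preventing DNS from supplying the FQDN. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: where does "myhostname" sit on the hosts: line of an
# nsswitch.conf-style file? Function names and sample data are constructed.

# hosts_modules FILE: print the NSS modules of the hosts: line, one per
# line, in lookup order. Action items such as [NOTFOUND=return] are dropped,
# including ones that contain spaces inside the brackets.
hosts_modules() {
    awk '
        /^[ \t]*hosts:/ {
            sub(/#.*/, "")                  # strip a trailing comment
            sub(/^[ \t]*hosts:/, "")        # strip the database name
            n = split($0, tok)              # split on runs of blanks
            for (i = 1; i <= n; i++) {
                t = tok[i]
                if (substr(t, 1, 1) == "[") skipping = 1
                if (!skipping) print t
                if (substr(t, length(t), 1) == "]") skipping = 0
            }
            exit
        }' "$1"
}

# myhostname_order FILE: print one of
#   early   no resolve/dns entry is listed ahead of myhostname
#   late    resolve or dns is listed ahead of myhostname
#   absent  the hosts: line has no myhostname entry
myhostname_order() {
    hosts_modules "$1" | awk '
        $0 == "myhostname" { pos = NR }
        ($0 == "resolve" || $0 == "dns") && !first { first = NR }
        END {
            if (!pos) print "absent"
            else if (first && first < pos) print "late"
            else print "early"
        }'
}

# Constructed sample: the two hosts: lines quoted in the first post.
sample=$(mktemp)
printf '%s\n' 'hosts: files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns' > "$sample"
echo "default order:    $(myhostname_order "$sample")"
printf '%s\n' 'hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] myhostname dns' > "$sample"
echo "workaround order: $(myhostname_order "$sample")"
rm -f "$sample"
```

Running `myhostname_order /etc/nsswitch.conf` after `realm join` shows whether the hosts: line was rewritten back to the early placement.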

This is the script:
Tree - rpms/systemd -

It does not apply to me since I have disabled nss-dns, and you can do the same.

Domain joining probably invokes authconfig or something.
It should also offer an option to skip the NSS config modification.

If you need the FQDN, set the hostname like this:

sudo hostnamectl set-hostname
1 Like