How to replace mdns4_minimal with BIND?

Question

Have Ubuntu 16.04 LTS version. According to task should install BIND as DNS server. I noticed in nsswitch.conf has:

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

Could you please explain what does mdns4_minimal and mdns4 mean and how to make the system use local BIND instance to resolve DNS queries?

Yes, I know how to start/stop BIND.

systemctl enable bind9
systemctl start/stop bind9.

Answer 1

mDNS or Multicast DNS service

It is provided by Avahi/Bonjour daemon, which lets small network computers to use names even if no central DNS is present. It uses by default the .local domain.

• If you are not using .local for your DNS server then set DNS after mDNS in nsswitch.conf (default)

  hosts: files mdns4_minimal dns [NOTFOUND=return] mdns4
  

  Otherwise .local is used by your DNS server (no use for mdns service)

  hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4
  

What is the difference between mdns4_minimal and mdns4?

To answer you, it is better to let know how to I collect such info and learn by yourself :) (## is for comment to tell objective for the command below it)

## Update "locate" database
~$ sudo updatedb
## Search for file with "mdns4_minimal" in its name
~$ locate mdns4_minimal
/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2

## Look for which package installs that file
~$ dpkg -S /lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2
libnss-mdns:amd64: /lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2

## List all files from same package
~$ dpkg -L libnss-mdns:amd64
/.
/usr
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/libnss-mdns
/usr/share/doc
/usr/share/doc/libnss-mdns
/usr/share/doc/libnss-mdns/copyright
/usr/share/doc/libnss-mdns/README.html
/usr/share/doc/libnss-mdns/README.Debian
/usr/share/doc/libnss-mdns/style.css
/usr/share/doc/libnss-mdns/changelog.Debian.gz
/lib
/lib/x86_64-linux-gnu
/lib/x86_64-linux-gnu/libnss_mdns4.so.2
/lib/x86_64-linux-gnu/libnss_mdns_minimal.so.2
/lib/x86_64-linux-gnu/libnss_mdns.so.2
/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2
/lib/x86_64-linux-gnu/libnss_mdns6.so.2
/lib/x86_64-linux-gnu/libnss_mdns6_minimal.so.2

## "README.html" looks the only documentation there, we open it
~$ xdg-open /usr/share/doc/libnss-mdns/README.html

Documentation

After compiling and installing nss-mdns you'll find six new NSS modules in /lib:

• libnss_mdns.so.2
• libnss_mdns4.so.2
• libnss_mdns6.so.2
• libnss_mdns_minimal.so.2
• libnss_mdns4_minimal.so.2
• libnss_mdns6_minimal.so.2

libnss_mdns.so.2 resolves both IPv6 and IPv4 addresses, libnss_mdns4.so.2 only IPv4 addresses and libnss_mdns6.so.2 only IPv6 addresses. Due to the fact that most mDNS responders only register local IPv4 addresses via mDNS, most people will want to use libnss_mdns4.so.2 exclusively. Using libnss_mdns.so.2 or libnss_mdns6.so.2 in such a situation causes long timeouts when resolving hosts since most modern Unix/Linux applications check for IPv6 addresses first, followed by a lookup for IPv4.

libnss_mdns{4,6,}_minimal.so (new in version 0.8) is mostly identical to the versions without _minimal. However, they differ in one way. The minimal versions will always deny to resolve host names that don't end in .local or addresses that aren't in the range 169.254.x.x (the range used by IPV4LL/APIPA/RFC3927.) Combining the _minimal and the normal NSS modules allows us to make mDNS authoritative for Zeroconf host names and addresses (and thus creating no extra burden on DNS servers with always failing requests) and use it as fallback for everything else.

IPv6 Support

• files & dns NSS modules, both supports resolving IPv6 besides IPv4.

• However, mdns4 & mdns4_minimal are only for IPv4.

  Same for mdns6 & mdns6_minimal are only for IPv6.

  mdns & mdns_minimal support both IPv4 & IPv6, but its use should be avoided if only a single IP version is deployed in the network. Because It will try to resolve to IPv6 then fall-back to IPv4, which can create additional delay.

  BTW, the current default setup of Avahi is IPv4, it is a decentralized service. So to go with IPv6, alls machine should reconfigured to use IPv6 in nsswitch and avahi too.

Are there any other []'s similar to [NOTFOUND=return]?

Yes, as we can see from man nsswitch.conf

   An action may also be specified following a service specification.   The  action  modifies
   the  behavior  following  a  result obtained from the preceding data source.  Action items
   take the general form:
   [STATUS=ACTION]
   [!STATUS=ACTION]


where
   STATUS => success | notfound | unavail | tryagain
   ACTION => return | continue


The ! negates the test, matching all possible results except the one specified.  The  case
   of the keywords is not significant.
The  STATUS  value is matched against the result of the lookup function called by the pre‐
   ceding service specification, and can be one of:
   success     No error occurred and the requested entry is returned.  The default action
               for this condition is "return".

   notfound    The  lookup succeeded, but the requested entry was not found.  The default
               action for this condition is "continue".

   unavail     The service is permanently unavailable.  This can  mean  either  that  the
               required file cannot be read, or, for network services, that the server is
               not available or does not allow queries.  The default action for this con‐
               dition is "continue".

   tryagain    The  service is temporarily unavailable.  This could mean a file is locked
               or a server currently cannot accept more connections.  The default  action
               for this condition is "continue".


The ACTION value can be one of:
   return      Return  a result now.  Do not call any further lookup functions.  However,
               for compatibility reasons, if this is the selected action  for  the  group
               database and the notfound status, and the configuration file does not con‐
               tain the initgroups line, the next lookup function is always called, with‐
               out affecting the search result.

   continue    Call the next lookup function.

Related Questions:

• Why does the host command not resolve entries in /etc/hosts?