Re: [gentoo-user] Why do we add the local host name to the 127.0.0.1 / ::1 entry in the /etc/hosts file?

[Grant Taylor <gtaylor@gentoo.tnetconsulting.net>]

On 3/10/21 10:43 AM, Mark Knecht wrote:
> OK, agreed, completely. localhost must be turned into an IP address.

:-)

> I guess what I was thinking was DNS means Server. If it's a Service 
> then that's different. I think we're in agreement that if it can find 
> the name in /etc/hosts, either actively or cached somewhere in memory, 
> then it doesn't have to send anything over a cable to get the answer.
> 
> And cable is too generic as I understand that DNS might be on this 
> machine.

How about we settle on a UDP and / or TCP connection to a service 
somewhere, local or remote, that translates a name to an IP.  ;-)

> Agreed but I suspect if I don't have it in /etc/hosts then I'm unlikely 
> to get results that make sense in real time, but that's case buy case.

I think a number of DNS servers are defaulting to resolve A queries for 
"localhost" to 127.0.0.1 and AAAA to ::1.  So, even if it's not in 
/etc/hosts, you'll still probably get the expected resolution.

> <LOL> I'm approaching my 66th birthday. Deep dark times for me are 
> almost certainly more recent dates than for you. ;-)

~chuckle~

> I took it as simply a Kerberos setup/config warning. Whoever wrote 
> that had an opinion, experience or both and wanted you to know that. I 
> didn't read anything more into it.

ACK

By default, Kerberos includes IP restrictions in tickets.  It chooses 
the IP based on what the system returns.  So if the system returns 
127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will 
be non-viable / useless anywhere but localhost.

> The author cannot change what "some distros" do but wants to give 
> you a fighting chance to get Kerberos working in case you're using 
> one. Makes no sense to mention a specific distro because the list 
> probably changes over time.

Agreed.

> Basically "You'd be wise to look at your /etc/hosts file and fix 
> this silly configuration error that some distros do before trying to 
> setup Kerberos"

Yep.  Experience has shown that it breaks things.

> I'm not a sys admin nor a Gentoo developer or documenter so I cannot 
> comment on the manual specifically.
> 
> As I no longer run Gentoo - I haven't for about 3 years other than 
> one remaining VM seldom used and seldom updated - I'm way out of 
> touch with the actual manual but interested in the subject.

Fair enough.



-- 
Grant. . . .
unix || die