Subject: Re: [gentoo-user] Why do we add the local host name to the 127.0.0.1 / ::1 entry in the /etc/hosts file?
To: gentoo-user@lists.gentoo.org
From: Grant Taylor
Organization: TNet Consulting
Date: Wed, 10 Mar 2021 11:37:03 -0700

On 3/10/21 10:43 AM, Mark Knecht wrote:
> OK, agreed, completely. localhost must be turned into an IP address. :-)
> I guess what I was thinking was DNS means Server. If it's a Service
> then that's different. I think we're in agreement that if it can find
> the name in /etc/hosts, either actively or cached somewhere in memory,
> then it doesn't have to send anything over a cable to get the answer.
>
> And cable is too generic as I understand that DNS might be on this
> machine.

How about we settle on a UDP and / or TCP connection to a service
somewhere, local or remote, that translates a name to an IP. ;-)

> Agreed but I suspect if I don't have it in /etc/hosts then I'm unlikely
> to get results that make sense in real time, but that's case by case.

I think a number of DNS servers are defaulting to resolve A queries for
"localhost" to 127.0.0.1 and AAAA to ::1. So, even if it's not in
/etc/hosts, you'll still probably get the expected resolution.

> I'm approaching my 66th birthday. Deep dark times for me are
> almost certainly more recent dates than for you.
;-) ~chuckle~

> I took it as simply a Kerberos setup/config warning. Whoever wrote
> that had an opinion, experience or both and wanted you to know that. I
> didn't read anything more into it.

ACK

By default, Kerberos includes IP restrictions in tickets. It chooses
the IP based on what the system returns. So if the system returns
127.0.0.1 (or ::1) for the hostname, any tickets that use that IP will
be non-viable / useless anywhere but localhost.

> The author cannot change what "some distros" do but wants to give
> you a fighting chance to get Kerberos working in case you're using
> one. Makes no sense to mention a specific distro because the list
> probably changes over time.

Agreed.

> Basically "You'd be wise to look at your /etc/hosts file and fix
> this silly configuration error that some distros do before trying to
> set up Kerberos"

Yep. Experience has shown that it breaks things.

> I'm not a sys admin nor a Gentoo developer or documenter so I cannot
> comment on the manual specifically.
>
> As I no longer run Gentoo - I haven't for about 3 years other than
> one remaining VM seldom used and seldom updated - I'm way out of
> touch with the actual manual but interested in the subject.

Fair enough.

--
Grant. . . .
unix || die
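Added example, not part of the original message: a check for the /etc/hosts condition discussed above, where the machine's own host name sits on a loopback address. The sample file content and host names are constructed, and the check goes slightly beyond the thread by treating all of 127.0.0.0/8 as loopback, not only 127.0.0.1 and ::1.

```python
import ipaddress

# Constructed sample /etc/hosts content (not taken from any real system).
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1   localhost
127.0.1.1   myhost.example.net myhost
::1         localhost ip6-localhost ip6-loopback
192.0.2.10  kdc.example.net kdc   # trailing comment
"""

def parse_hosts(text):
    """Yield (lineno, ip_address, [names]) for each valid hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without names
        try:
            # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # first field is not an address; skip malformed line
        yield lineno, addr, [n.lower() for n in fields[1:]]

def loopback_mappings(text, hostname):
    """Return [(lineno, address, name)] where hostname is on a loopback address.

    Matches the FQDN and its short form; 'localhost' itself is expected
    on loopback and is never reported.
    """
    fqdn = hostname.lower().rstrip(".")
    wanted = {fqdn, fqdn.split(".", 1)[0]} - {"localhost"}
    hits = []
    for lineno, addr, names in parse_hosts(text):
        if addr.is_loopback:  # all of 127.0.0.0/8, and ::1
            hits += [(lineno, str(addr), n) for n in names if n in wanted]
    return hits

if __name__ == "__main__":
    import socket
    with open("/etc/hosts") as fh:
        found = loopback_mappings(fh.read(), socket.gethostname())
    for lineno, addr, name in found:
        print(f"/etc/hosts:{lineno}: {name} -> {addr} (loopback)")
```

Run as a script it inspects the local /etc/hosts; an empty result means the host name is not listed on a loopback line there, though other name service sources can still return one.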