7

I have a home network set up using mDNS, containing assorted systems (including an always-on Raspberry Pi). My machines are running avahi daemons, so the current situation is:

  • everybody on the network can resolve host.local names.

What I want in addition:

  • the machines that I administrate can also resolve host to the same address as host.local.

I could think of three ways to do that:

  1. Put search local in /etc/resolv.conf: this is not honored by mDNS as it was supposedly “causing problems”. I could recompile with the --enable-search-domains option on all my machines.

  2. Write static /etc/hosts files in all network machines. This is what I currently do. However, it makes configuration distributed, which I want to avoid (these files do eventually go out-of-sync).

  3. Set up a DNS server on the network. However, the router provided with the Internet access does not do DNS (this is almost a good reason to change to another company), so I would need to set it up on the Raspberry. This also poses the problem of a distributed configuration: the static DNS info on the Raspberry would eventually go out of sync with the mDNS information, so that host and host.local could confusingly point to two different IP addresses...

So, my question is:

  • what are the “problems” posed by the --enable-search-domains option? (The only one I see is that it enables anyone on the LAN to set up an unqualified host name, but 1. I don't use unqualified host names apart from those I already control, and 2. LAN access is already restricted to trusted peers anyway).

  • did I miss a fourth option? (such as setting up a DNS server + a crontab periodically feeding it with some output of an avahi-browse command?)
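As an added example of the "fourth option" floated above (not code from the question, the answers or the avahi project), the script below turns the parseable output of avahi-browse into /etc/hosts-style lines that a local DNS server on the Raspberry could load (dnsmasq reads such a file via addn-hosts, for instance). It assumes the `avahi-browse -a -r -t -p` line format shown in the constructed sample, validates each host label and address before trusting it, and emits host and host.local on the same line so the two names can never drift apart; a cron job would run collect_live() and write the result to the file the DNS server reads.

```python
"""Generate hosts-file lines for a local DNS server from `avahi-browse -a -r -t -p`.

Added example, not code from the question, the answers or avahi.
Assumption: parseable (-p) avahi-browse output is ';'-separated and resolved
records start with '=':
    =;iface;proto;name;type;domain;hostname;address;port;txt
"""
import ipaddress
import re
import subprocess
from collections import defaultdict

# Constructed sample of avahi-browse output (not captured from a real network).
# The "bad host" line carries an invalid label and must be rejected.
SAMPLE_BROWSE_OUTPUT = """\
+;eth0;IPv4;pi;_workstation._tcp;local
=;eth0;IPv4;pi;_workstation._tcp;local;pi.local;192.168.1.10;9;
=;eth0;IPv4;pi;_ssh._tcp;local;pi.local;192.168.1.10;22;
=;eth0;IPv6;pi;_ssh._tcp;local;pi.local;fe80::1;22;
=;eth0;IPv4;laptop;_workstation._tcp;local;laptop.local;192.168.1.21;9;
=;wlan0;IPv4;laptop;_workstation._tcp;local;laptop.local;192.168.1.22;9;
=;eth0;IPv4;bad;_ssh._tcp;local;bad host.local;192.168.1.99;22;
"""

# RFC 1123 host label: letters, digits and hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def short_name(fqdn):
    """Return the validated unqualified name for '<host>.local', else None."""
    name = fqdn.strip().lower().rstrip(".")
    if not name.endswith(".local"):
        return None
    name = name[: -len(".local")]
    return name if LABEL_RE.match(name) else None


def parse_avahi_browse(text):
    """Map short host name -> {'IPv4': {addresses}, 'IPv6': {addresses}}."""
    records = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        if not line.startswith("="):          # only resolved records carry addresses
            continue
        fields = line.split(";", 9)           # the TXT field may itself contain ';'
        if len(fields) < 8:
            continue
        name = short_name(fields[6])
        if name is None:
            continue
        try:
            ip = ipaddress.ip_address(fields[7])
        except ValueError:
            continue                          # malformed address: do not publish it
        records[name]["IPv4" if ip.version == 4 else "IPv6"].add(str(ip))
    return records


def render_hosts(records, proto="IPv4"):
    """One hosts-file line per (name, address); host and host.local share it."""
    lines = []
    for name in sorted(records):
        for address in sorted(records[name].get(proto, ())):
            lines.append(f"{address} {name} {name}.local")
    return lines


def multihomed(records, proto="IPv4"):
    """Hosts announcing several addresses (e.g. wired + wireless), for review."""
    return {n: sorted(p[proto]) for n, p in records.items() if len(p.get(proto, ())) > 1}


def collect_live():
    """Run avahi-browse on the real network and return its parseable output."""
    result = subprocess.run(["avahi-browse", "-a", "-r", "-t", "-p"],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    records = parse_avahi_browse(SAMPLE_BROWSE_OUTPUT)
    for line in render_hosts(records):
        print(line)
    print("multihomed:", multihomed(records))
```

Because every line is regenerated from what avahi currently announces, a host that changes address simply gets a new line on the next cron run; the multihomed() report is there so that a machine announcing two addresses is noticed rather than silently resolving to whichever line the DNS server reads first.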

2 Answers

5

The reason mdns doesn't append .local or search domains is because there is no NXDOMAIN or similar concept in mdns.

So if mdns fails to find a resolution in any caches, it must send a multicast query and wait to see if anything responds. This timeout is lengthy enough for "causing problems".

The following doesn't answer the question, but speculates about possible implementations to resolve some of the issues.

What I would wish for is to explicitly append .local to hostnames without any dots at the end of the nss chain, e.g.

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns_append

Perhaps it would also be possible to specify a "cache only" mdns resolution. Perhaps with an nsswitch like this

hosts: files mdns4_minimal [NOTFOUND=return] mdns_append_cacheonly dns mdns_append

I envision mdns_append trying both with and without .local appended.

vontrapp
  • 151
2

I suspect the option is 'not recommended' because it's nearly useless in practice: almost all other mDNS implementations use the .local domain only, so trying to do lookups for whatever domain you happened to obtain from DHCP would only introduce additional delays most of the time. There are also security issues mentioned in the actual mDNS spec.

Instead, nss-mdns could be patched to specifically append .local to dotless names before trying to look them up, instead of using the resolv.conf domains.

grawity
  • 501,077