From: aurel32@debian.org   
      
   Hi,   
      
   On 2026-02-07 10:50, Simon McVittie wrote:   
   > Control: retitle -1 libnss-mdns: DNS tried before mDNS despite configuration   
   for mdns4_minimal first   
   > Control: tags -1 + moreinfo   
   >    
   > On Sat, 07 Feb 2026 at 10:54:21 +0900, 황병주 wrote:   
   > > mDNS name resolution via libnss-mdns is completely broken on Debian trixie   
   > > with glibc 2.41. The NSS module is loaded but never called, causing .local   
   > > hostnames to fall through to DNS instead of being resolved via mDNS.   
   >    
   > I was unable to reproduce this on a trixie machine.   
   >    
   > Steps:   
   >    
   > 1. Install libnss-mdns and avahi-daemon on Debian trixie (glibc 2.41)   
   > . Have another host ($OTHER) with mDNS, on the same network   
   > 3. Edit /etc/nsswitch.conf to contain:   
   >    hosts: files dns   
   > 4. getent hosts $OTHER.local; echo $? -> no output, exit status 2   
   > 5. Edit /etc/nsswitch.conf to contain:   
   >    hosts: files mdns4_minimal [NOTFOUND=return] dns   
   > 6. getent hosts $OTHER.local; echo $? -> resolved, exit status 0   
   >    
   > But, something that I *do* observe in this configuration is that a strace'd   
   > getent process does a connect() to my DNS server (in my case it's   
   > systemd-resolved) *before* connecting to the Avahi socket:   
   >    
   > $ strace -e openat,connect getent hosts remnant.local   
   > ...   
      
   I think there are two issues with this command:   
      
   - You should add a final dot, so that the search is not expanded with    
     the search domains from /etc/resolv.conf, which libnss-mdns obviously    
     can't handle and then goes to your configured recursive DNS resolver.   
      
   - You should use ahosts instead of hosts. hosts uses the deprecated   
     gethostbyname2() interface, which does explicit lookups with AF_INET    
     and AF_INET6. The latter is not supported given your nsswitch.conf.     
     On the other hand ahosts uses getaddrinfo() with AF_UNSPEC.    
     Alternatively you should either add mdns6_minimal entry or even better    
     use mdns_minimal instead (why isn't that the default noawdays?).   
      
   > openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2",   
   O_RDONLY|O_CLOEXEC) = 3   
   > connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=in   
   t_addr("127.0.0.53")}, 16) = 0   
   > connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=in   
   t_addr("127.0.0.53")}, 16) = 0   
   > connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=in   
   t_addr("127.0.0.53")}, 16) = 0   
      
   This three lookups are likely due to the missing final dot and the use of    
   hosts instead of ahosts.   
      
   > openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 3   
   > connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=in   
   t_addr("127.0.0.53")}, 16) = 0   
      
   This one is due to libnss-mdns doing a SOA lookup of the .local domain.    
   This is by design in libnss-mdns, which implements the heuristic    
   described in https://support.apple.com/en-us/HT201275. This is not    
   linked with glibc.   
      
   > connect(3, {sa_family=AF_FILE, path="/run/avahi-daemon/socket"}, 110) = 0   
   > REDACTED  remnant.local   
      
   Regards   
   Aurelien   
      
   --    
   Aurelien Jarno                          GPG: 4096R/1DDD8C9B   
   aurelien@aurel32.net                     http://aurel32.net   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)