diff options
Diffstat (limited to 'man')
| -rw-r--r-- | man/nss-myhostname.xml | 13 | ||||
| -rw-r--r-- | man/nss-mymachines.xml | 2 | ||||
| -rw-r--r-- | man/nss-resolve.xml | 2 | ||||
| -rw-r--r-- | man/nss-systemd.xml | 2 |
4 files changed, 13 insertions, 6 deletions
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml index 9a1125caae..e23b24483e 100644 --- a/man/nss-myhostname.xml +++ b/man/nss-myhostname.xml @@ -67,9 +67,13 @@ <para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para> - <para>It is recommended to place <literal>myhostname</literal> last in the <filename>nsswitch.conf</filename>' - <literal>hosts:</literal> line to make sure that this mapping is only used as fallback, and that any DNS or - <filename>/etc/hosts</filename> based mapping takes precedence.</para> + <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal> + and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the + first version, well-known names like <literal>localhost</literal> and the machine hostname are given + higher priority than the external configuration. This is recommended when the external DNS servers and + network are not absolutely trusted. In the second version, external configuration is given higher + priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable + in closely controlled networks, for example on a company LAN.</para> </refsect1> <refsect1> @@ -83,6 +87,9 @@ group: compat mymachines systemd shadow: compat +# Either (untrusted network): +hosts: mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns +# Or (only trusted networks): hosts: mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command> networks: files diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml index 71865874dd..1ff88aba2d 100644 --- a/man/nss-mymachines.xml +++ b/man/nss-mymachines.xml @@ -69,7 +69,7 @@ group: compat <command>mymachines</command> systemd shadow: compat -hosts: <command>mymachines</command> resolve [!UNAVAIL=return] files dns myhostname +hosts: <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns networks: files protocols: db files diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml index 5c8b745881..cc33b2c082 100644 --- a/man/nss-resolve.xml +++ b/man/nss-resolve.xml @@ -67,7 +67,7 @@ group: compat mymachines systemd shadow: compat -hosts: mymachines <command>resolve [!UNAVAIL=return]</command> files dns myhostname +hosts: mymachines <command>resolve [!UNAVAIL=return]</command> myhostname files dns networks: files protocols: db files diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml index a5b3de73e7..ac22452bc3 100644 --- a/man/nss-systemd.xml +++ b/man/nss-systemd.xml @@ -65,7 +65,7 @@ group: compat [SUCCESS=merge] mymachines [SUCCESS=merge] <command>systemd</command> shadow: compat -hosts: mymachines resolve [!UNAVAIL=return] files dns myhostname +hosts: mymachines resolve [!UNAVAIL=return] myhostname files dns networks: files protocols: db files |