From bba808dbfa89c8d974b248f4bf3c7716312dc704 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Sun, 1 Oct 2023 15:35:35 +0200
Subject: [PATCH] nixos/avahi-daemon: resolve mdns only over enabled protocols, disable ipv6 by default

see https://github.com/lathiat/nss-mdns#:~:text=in%20such%20a%20situation%20causes%20long%20timeouts%20when%20resolving%20hosts especially:
> libnss_mdns.so.2 resolves both IPv6 and IPv4 addresses, libnss_mdns4.so.2 only IPv4 addresses and
> libnss_mdns6.so.2 only IPv6 addresses. Due to the fact that most mDNS responders only register local IPv4
> addresses via mDNS, most people will want to use libnss_mdns4.so.2 exclusively. Using libnss_mdns.so.2
> or libnss_mdns6.so.2 in such a situation causes long timeouts when resolving hosts since most modern
> Unix/Linux applications check for IPv6 addresses first, followed by a lookup for IPv4.
---
 .../manual/release-notes/rl-2405.section.md | 3 ++
 .../services/networking/avahi-daemon.nix | 35 ++++++++++++++++---
 2 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index 9191a204a7a19..2a7526ff9058d 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -30,6 +30,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - `mkosi` was updated to v19. Parts of the user interface have changed. Consult the [release notes](https://github.com/systemd/mkosi/releases/tag/v19) for a list of changes.
+ - `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
+ Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
+
 ## Other Notable Changes {#sec-release-24.05-notable-changes}
diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix
index de51843ba6f9c..4bf5badfa1f44 100644
--- a/nixos/modules/services/networking/avahi-daemon.nix
+++ b/nixos/modules/services/networking/avahi-daemon.nix
@@ -42,6 +42,7 @@ in
 {
 imports = [
 (lib.mkRenamedOptionModule [ "services" "avahi" "interfaces" ] [ "services" "avahi" "allowInterfaces" ])
+ (lib.mkRenamedOptionModule [ "services" "avahi" "nssmdns" ] [ "services" "avahi" "nssmdns4" ])
 ];
 options.services.avahi = {
@@ -93,7 +94,7 @@ in
 ipv6 = mkOption {
 type = types.bool;
- default = config.networking.enableIPv6;
+ default = false;
 defaultText = literalExpression "config.networking.enableIPv6";
 description = lib.mdDoc "Whether to use IPv6.";
 };
@@ -218,13 +219,28 @@ in
 };
 };
- nssmdns = mkOption {
+ nssmdns4 = mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4.
+ Enabling it allows applications to resolve names in the `.local`
+ domain by transparently querying the Avahi daemon.
+ '';
+ };
+
+ nssmdns6 = mkOption {
 type = types.bool;
 default = false;
 description = lib.mdDoc ''
- Whether to enable the mDNS NSS (Name Service Switch) plug-in.
+ Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6.
 Enabling it allows applications to resolve names in the `.local`
 domain by transparently querying the Avahi daemon.
+
+ ::: {.note}
+ Due to the fact that most mDNS responders only register local IPv4 addresses,
+ most user want to leave this option disabled to avoid long timeouts when applications first resolve the none existing IPv6 address.
+ :::
 '';
 };
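Review bot: In the `ipv6` option (hunk `@@ -93,7 +94,7 @@`) the new `default = false;` sits directly above the unchanged `defaultText = literalExpression "config.networking.enableIPv6";`, so the generated option documentation would still present the old, coupled default. Either delete the `defaultText` line, since a literal `false` renders on its own, or keep the coupling and change only the NSS side. The release-notes entry in this patch mentions the `nssmdns` split but not this default change, which also appears to stop the daemon itself from using IPv6 on hosts that relied on the inherited value; a sentence there would help operators notice it.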
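Review bot: The `nssmdns6` description added in hunk `@@ -218,13 +219,28 @@` has two wording slips in its note: `most user want` should read `most users want`, and `the none existing IPv6 address` should read `the non-existent IPv6 address`. Both option descriptions could also state the trust implication of enabling the plug-in, for example `mDNS answers are unauthenticated, so any host on the local link can answer for a .local name.` The option set continues outside the hunk.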
@@ -257,8 +273,17 @@ in
 users.groups.avahi = { };
 system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
- system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [
- (mkBefore [ "mdns_minimal [NOTFOUND=return]" ]) # before resolve
+ system.nssDatabases.hosts = let
+ mdnsMinimal = if (cfg.nssmdns4 && cfg.nssmdns6) then
+ "mdns_minimal"
+ else if (!cfg.nssmdns4 && cfg.nssmdns6) then
+ "mdns6_minimal"
+ else if (cfg.nssmdns4 && !cfg.nssmdns6) then
+ "mdns4_minimal"
+ else
+ "";
+ in optionals (cfg.nssmdns4 || cfg.nssmdns6) (mkMerge [
+ (mkBefore [ "${mdnsMinimal} [NOTFOUND=return]" ]) # before resolve
 (mkAfter [ "mdns" ]) # after dns
 ]);
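Review bot: The context line `system.nssModules = optional cfg.nssmdns pkgs.nssmdns;` still reads the option this patch renames, so the NSS module appears to be installed only through the alias to `nssmdns4`; with only `nssmdns6 = true` the hosts database would name `mdns6_minimal` while the library is likely missing from `system.nssModules`. The `mkAfter [ "mdns" ]` entry is also unchanged, and per the nss-mdns text quoted in the commit message plain `mdns` resolves both address families, so the fallback lookup ignores the selected protocol. The final `else ""` branch cannot be reached because `optionals` already requires one of the two flags. A single family suffix shared by both entries covers all three points, as sketched below; the enclosing `config` block starts and ends outside the hunk.

```nix
system.nssModules = optional (cfg.nssmdns4 || cfg.nssmdns6) pkgs.nssmdns;
system.nssDatabases.hosts = let
  # "" selects the dual-stack modules, "4" / "6" the single-family ones
  family =
    if cfg.nssmdns4 && cfg.nssmdns6 then ""
    else if cfg.nssmdns4 then "4"
    else "6";
in optionals (cfg.nssmdns4 || cfg.nssmdns6) (mkMerge [
  (mkBefore [ "mdns${family}_minimal [NOTFOUND=return]" ]) # before resolve
  (mkAfter [ "mdns${family}" ]) # after dns
]);
```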