[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nsdispatch errors on security/spiped when mdns lookups are enabled

Hi Dave,

On 11/07/16 14:12, Dave Cottlehuber wrote:
> [...]
> Is there anything I can do here to have the best of both worlds (working
> mdns, no root server spam, & happy spiped with tidy logs)?

I'm not particularly familiar with mdns or how nsswitch.conf is used, but I
do notice one thing in your spiped configuration:

> spiped_pipes="${spiped_pipes} COUCHDB_PRIMARY COUCHDB_BACKUP"
> spiped_pipe_COUCHDB_PRIMARY_mode="client"
> spiped_pipe_COUCHDB_PRIMARY_source=""
> spiped_pipe_COUCHDB_PRIMARY_target="c1.skunkwerks.at:45984"

The address "" is interpreted by spiped as a host name and is
resolved using getaddrinfo (just like the "c1.skunkwerks.at" is).  To
specify a "raw" IP address, add square brackets: "[]:5984".

You can also avoid target address re-resolution traffic by passing
the -R command-line option to spiped.  I didn't put this into the rc.d
script I wrote for FreeBSD, but it would be simple enough to add.

Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid