Unverified Commit bba808db authored by Sandro Jäckel's avatar Sandro Jäckel

nixos/avahi-daemon: resolve mdns only over enabled protocols, disable ipv6 by default

see https://github.com/lathiat/nss-mdns#:~:text=in%20such%20a%20situation%20causes%20long%20timeouts%20when%20resolving%20hosts
especially:
> libnss_mdns.so.2 resolves both IPv6 and IPv4 addresses, libnss_mdns4.so.2 only IPv4 addresses and
> libnss_mdns6.so.2 only IPv6 addresses. Due to the fact that most mDNS responders only register local IPv4
> addresses via mDNS, most people will want to use libnss_mdns4.so.2 exclusively. Using libnss_mdns.so.2
> or libnss_mdns6.so.2 in such a situation causes long timeouts when resolving hosts since most modern
> Unix/Linux applications check for IPv6 addresses first, followed by a lookup for IPv4.
parent 3bc05045
+3 −0
@@ -30,6 +30,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `mkosi` was updated to v19. Parts of the user interface have changed. Consult the
  [release notes](https://github.com/systemd/mkosi/releases/tag/v19) for a list of changes.

- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
  Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.

## Other Notable Changes {#sec-release-24.05-notable-changes}

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+30 −5
@@ -42,6 +42,7 @@ in
{
  imports = [
    (lib.mkRenamedOptionModule [ "services" "avahi" "interfaces" ] [ "services" "avahi" "allowInterfaces" ])
    (lib.mkRenamedOptionModule [ "services" "avahi" "nssmdns" ] [ "services" "avahi" "nssmdns4" ])
  ];

  options.services.avahi = {
@@ -93,7 +94,7 @@ in

    ipv6 = mkOption {
      type = types.bool;
      default = config.networking.enableIPv6;
      default = false;
      defaultText = literalExpression "config.networking.enableIPv6";
      description = lib.mdDoc "Whether to use IPv6.";
    };
@@ -218,13 +219,28 @@ in
      };
    };

    nssmdns = mkOption {
    nssmdns4 = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4.
        Enabling it allows applications to resolve names in the `.local`
        domain by transparently querying the Avahi daemon.
      '';
    };

    nssmdns6 = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to enable the mDNS NSS (Name Service Switch) plug-in.
        Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6.
        Enabling it allows applications to resolve names in the `.local`
        domain by transparently querying the Avahi daemon.

        ::: {.note}
        Due to the fact that most mDNS responders only register local IPv4 addresses,
        most user want to leave this option disabled to avoid long timeouts when applications first resolve the none existing IPv6 address.
        :::
      '';
    };

@@ -257,8 +273,17 @@ in
    users.groups.avahi = { };

    system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
    system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [
      (mkBefore [ "mdns_minimal [NOTFOUND=return]" ]) # before resolve
    system.nssDatabases.hosts = let
      mdnsMinimal = if (cfg.nssmdns4 && cfg.nssmdns6) then
        "mdns_minimal"
      else if (!cfg.nssmdns4 && cfg.nssmdns6) then
        "mdns6_minimal"
      else if (cfg.nssmdns4 && !cfg.nssmdns6) then
        "mdns4_minimal"
      else
        "";
    in optionals (cfg.nssmdns4 || cfg.nssmdns6) (mkMerge [
      (mkBefore [ "${mdnsMinimal} [NOTFOUND=return]" ]) # before resolve
      (mkAfter [ "mdns" ]) # after dns
    ]);
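Review bot: `system.nssModules` in the last hunk still appears to be gated on the renamed `cfg.nssmdns` (the line is rendered only once, so it looks like unchanged context), which the new `mkRenamedOptionModule` entry maps to `nssmdns4`; with only `nssmdns6 = true` the hosts database would name `mdns6_minimal` while the NSS module is never installed. Gating it on both switches would fix that: `system.nssModules = optional (cfg.nssmdns4 || cfg.nssmdns6) pkgs.nssmdns;`. The `(mkAfter [ "mdns" ])` entry in the same block is still the dual-stack module, so lookups that get past the minimal entry ignore the per-protocol choice; picking `mdns4`/`mdns6` the same way `mdnsMinimal` is picked would match the commit title. In the `ipv6` option, `defaultText` still reads `config.networking.enableIPv6` although the default is now `false`, so the generated manual would tell administrators that IPv6 mDNS follows the system-wide setting. The surrounding config block starts and ends outside the hunk.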