Why do I need to change the order of hosts in nsswitch.conf?
Your company uses a DNS domain ending with .local, which is actually a special-purpose suffix and is reserved by IETF for Multicast DNS. So because you have an mDNS client installed (mdns4_minimal), it gets configured for priority handling of all *.local names.
(It is unfortunately still common practice in corporate intranets to just make up a nonexistent domain name or IP address range and hope that it'll remain nonexistent forever...)
Go through your configured modules one by one:
hosts: files mdns4_minimal [NOTFOUND=return] dns
- The 'files' module searches /etc/hosts, then returns "not found".
- Processing continues to the next module.
- The 'mdns4_minimal' module searches the local LAN subnet using Multicast DNS (mDNS), then returns "not found".
- [NOTFOUND=return] indicates that processing should not continue after this error; i.e. "not found" should be immediately returned to the program.
- The 'dns' module is never reached.
Why the extra "[NOTFOUND=return]"? According to various sources, it's there to speed up unsuccessful queries and to prevent information leakage, and to reduce load on public DNS servers.
Let's say someone's network actually used mDNS (which is common on Linux/macOS). If the user tried to resolve "MyLittleLaptop.local" and it wasn't found, the system would keep trying the next module ('dns'), and the query would be sent to the public DNS (e.g. to the school's DNS servers, or to the coffee shop's router).
But – according to the reservation by IETF – *.local names cannot possibly exist in public DNS, so such a query would be useless; all it does is reveal your personal information to the network admin. So the [NOTFOUND=return] tag is added to stop it from reaching DNS completely.
If your corporate network uses .local for internal DNS and you're fairly sure it'll never use mDNS, you can remove the whole module – resulting in:
hosts: files dns
If you want to prioritize DNS, but keep the possibility open for using mDNS, then move it to the end:
hosts: files dns mdns_minimal
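
The module walk described above, as an added example that is not part of the original answer: a simplified Python model of how the "hosts:" line and its [STATUS=action] blocks decide which modules a lookup reaches. The backends, the name intranet.corp.local and the address 10.0.0.5 are constructed, and the mDNS backend answering UNAVAIL for names outside .local is an assumption of this model.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# Default actions when no [STATUS=action] block follows a module.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Turn 'hosts: files mdns4_minimal [NOTFOUND=return] dns' into [(module, actions)]."""
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", line.partition(":")[2]):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        for item in token[1:-1].split():  # an action block modifies the preceding module
            status, _, action = item.partition("=")
            status = status.upper()
            # "!STATUS=action" applies the action to every status except STATUS.
            hit = [s for s in STATUSES if s != status[1:]] if status.startswith("!") else [status]
            for s in hit:
                chain[-1][1][s] = action.lower()
    return chain

def resolve(line, name, backends):
    """Walk the chain in order; return (status, address, modules consulted)."""
    consulted, status, addr = [], "UNAVAIL", None
    for module, actions in parse_hosts_line(line):
        consulted.append(module)
        status, addr = backends[module](name)
        if actions[status] == "return":
            break
    return status, addr, consulted

# Constructed data standing in for /etc/hosts and a corporate DNS zone.
HOSTS_FILE = {"localhost": "127.0.0.1"}
CORP_DNS = {"intranet.corp.local": "10.0.0.5"}

def files(name):
    return ("SUCCESS", HOSTS_FILE[name]) if name in HOSTS_FILE else ("NOTFOUND", None)

def mdns_minimal(name):
    # Assumption: nobody on the LAN answers; names outside .local are not handled (UNAVAIL).
    return ("NOTFOUND", None) if name.endswith(".local") else ("UNAVAIL", None)

def dns(name):
    return ("SUCCESS", CORP_DNS[name]) if name in CORP_DNS else ("NOTFOUND", None)

BACKENDS = {"files": files, "mdns4_minimal": mdns_minimal,
            "mdns_minimal": mdns_minimal, "dns": dns}
```

Calling resolve() with each of the three hosts: lines from the answer returns the list of modules consulted, which shows whether a *.local query ever reaches the 'dns' module.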