.localas the recommended root of internal domains, and serves them via unicast dns. Linux uses
.localas the root of multicast dns. If you're stuck on a broken MS network like this, reconfigure your linux multicast DNS to use a different domain like .alocal.
To do this, add a "
domain-name=.alocal" line to the "
[server]" section of "
/etc/avahi/avahi-daemon.conf", then restart avahi-daemon: "
sudo service avahi-daemon restart".
#/etc/avahi/avahi-daemon.conf [server] domain-name=.alocal
You may need to flush the DNS,mDNS and resolver cache, as well as restart your web browsers to clear their internal cache.
Background.I was seeing the strangest behavior on my work linux box. I could look up local addresses, but not contact them in my browser. Turns out I could look them up but not ping them, either.
% host foo foo.corp.local is an alias for bar.corp.local bar.corp.local has address 10.1.2.3 % host foo.corp.local foo.corp.local is an alias for bar.corp.local bar.corp.local has address 10.1.2.3 % ping foo -q -c 1 PING bar.corp.local (10.1.2.3) 56(84) bytes of data. --- bar.corp.local ping statistics --- 1 packets transmitted, 1 recieved, 0% packet loss, time 0ms % ping foo.corp.local unknown host foo.corp.localI spent a while thinking this was a resolver issue in
/etc/resolv.conf, since I knew that was getting modified by the VPN. Everything was fine in the resolver. What I'd forgotten about was
/etc/nsswitch.conf! The hosts line in
/etc/nsswitch.confput mdns4_minimal before dns AND set a reply of "NOTFOUND" from mdns to propagate back directly without hitting DNS.
# /etc/nsswitch.conf hosts line: hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4We could side-step the problem by removing mdns4_minimal from the hosts search path, but this will lead to potentially long dns timeouts from mistyped .local addresses. (Ok, that's not a very bad side effect, but still let's fix it correctly).
Dig a little deeper into
mdns, and you'll find Avahi. Avahi "facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite," what Apple calls Bonjour or Zeroconf. They have a warning page about unicast .local DNS zones that gets to the crux of the problem : linux has mdns (multicast dns) support configured for
.local, but Microsoft support suggests using
.local with unicast DNS. The two don't get along at all.
mDNS/DNS-SD is inherently incompatible with unicast DNS zones .local. We strongly recommend not to use Avahi or nss-mdns in such a network setup. N.B.: nss-mdns is not typically bundled with Avahi and requires a separate download and install.
-- Avahi and Unicast Dot Local wiki page
- move avahi mdns from .local to a different name (e.g. .alocal)
- or Remove mdns from
/etc/nsswitch.confor remove mdns module.
domain-name=.alocalline to the
/etc/avahi/avahi-daemon.conf, then restart avahi-daemon:
sudo service avahi-daemon restart.
If that doesn't work (and you restarted your browsers, with their insidious dns cache, right?) you can try removing mdns from the
hosts entry in
replace this line:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4with this line:
hosts: files dnsLinks: