Path: utzoo!attcan!uunet!lll-winken!lll-ncis!helios.ee.lbl.gov!pasteur!ucbvax!umiacs.UMD.EDU!steve
From: steve@umiacs.UMD.EDU (Steven D. Miller)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Reconciling /etc/hosts, yp, and named?
Message-ID: <8901161411.AA19003@fnord.umiacs.UMD.EDU>
Date: 16 Jan 89 14:11:06 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 56

It seems to me that the following combinations of DNS/YP/host table usage
are valid:

1)  You're using the domain name system.  In this case, *all* host lookups
    should go through the DNS.  The only exception here is that at boot
    time, you'll need to be able to fall back on the host table so that
    you can do a host name lookup to configure your network interface.
    Other than that, you *never* fall back on the host tables, as host
    table information is out-of-date, wrong, and won't be around for too
    much longer.  I'd rather have no answer than a wrong one, though I
    suppose this is something of a religious issue.

    Similarly, sendmail should do MX lookups, and do them through the DNS
    directly, with nothing serving as an intermediary.

    This approach is always the right one, irrespective of whether or not
    you're also running YP.  Since YP has no concept of soft failures,
    there's no way for ypserv -i ever to work 100% correctly.  And, after
    all, if you're using the DNS, your host information is all being
    served by a DNS server, and you have no need to keep duplicate host
    information around in YP.  (There may actually be a few exceptions to
    this in highly security-conscious environments, where perhaps the
    existence of some hosts is not to be advertised to the outside world.
    I'm not sure how to handle those cases.  What do other people think?)

2)  You're not using the domain name system.  This breaks down into two
    cases:

    2A) You're also not using YP.  All lookups go to /etc/hosts.  (Note
        that it's important for your customers to be able to purge YP
        entirely from their systems without causing any catastrophes.)

    2B) You're using YP.  Do whatever most other YP servers do in terms
        of falling back on host tables when necessary.

I think that Sun is moving toward this approach.  It's possible to get
SunOS 4.0.1 C libraries that do host lookups through the DNS, and YP
lookups for everything else; they're available for anonymous FTP from
uunet.  I think they may come on the Sun distribution tapes in the future,
though you shouldn't take my word on that.  (Could someone from Sun confirm
or deny this rumor?)

If your software follows these rules, it is my opinion that it will work in
accordance with the letter and spirit of the domain RFCs.  I'm sure that
others will (and, indeed, already have) beg to differ.  Does the Hosts
Requirements RFC have anything to say on this matter?

	-Steve

Spoken: Steve Miller
Domain: steve@mimsy.umd.edu
UUCP:   uunet!mimsy!steve
Phone:  +1-301-454-1808
USPS:   UMIACS, Univ. of Maryland, College Park, MD 20742
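
Added example, not part of the original post: a small model of the lookup policies the post describes, showing the boot-time-only fallback and how an intermediary that cannot report a soft failure turns "server unreachable" into "no such host". All names, the sample data, and the found/not-found behaviour of the intermediary are assumptions made for illustration.

```python
# Constructed model of the lookup policies in the post; not real resolver code.
class SoftFailure(Exception):
    """Temporary failure: the server was unreachable, the answer is unknown."""

class NotFound(Exception):
    """Definite answer: the name does not exist in this source."""

# Constructed sample data (documentation addresses). The host table is stale.
HOSTS_TABLE = {"alpha": "192.0.2.10"}
DNS_ZONE = {"alpha": "192.0.2.99", "beta": "192.0.2.20"}

def hosts_lookup(name, reachable=True):
    # A local file is always readable; 'reachable' only keeps signatures uniform.
    if name not in HOSTS_TABLE:
        raise NotFound(name)
    return HOSTS_TABLE[name]

def dns_lookup(name, reachable=True):
    if not reachable:
        raise SoftFailure(name)
    if name not in DNS_ZONE:
        raise NotFound(name)
    return DNS_ZONE[name]

def yp_via_dns(name, reachable=True):
    """Assumed intermediary that can only answer 'found' or 'no such key'."""
    try:
        return dns_lookup(name, reachable)
    except (SoftFailure, NotFound):
        raise NotFound(name) from None  # the soft failure is lost here

def resolve(name, use_dns, booting=False, reachable=True):
    """Case 1 (use_dns=True) and case 2A (use_dns=False) from the post."""
    if not use_dns:
        return hosts_lookup(name)
    try:
        return dns_lookup(name, reachable)
    except SoftFailure:
        if booting:  # the one permitted fallback: interface configuration
            return hosts_lookup(name)
        raise  # no answer rather than a possibly wrong one

def classify(lookup, name, reachable=True):
    """What a caller such as a mailer can conclude from one lookup."""
    try:
        return ("answer", lookup(name, reachable))
    except SoftFailure:
        return ("retry later", None)
    except NotFound:
        return ("no such host", None)
```

With the server unreachable, the direct lookup tells the caller to retry, while the same query through the intermediary reports that the host does not exist.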