Docker-alpine: Alpine linux doesn't have nsswitch configuration file

https://github.com/influxdata/influxdata-docker/issues/76
https://github.com/ibmruntimes/ci.docker/issues/1
https://gitlab.com/gitlab-org/gitlab-runner/issues/2142
...
...

We're facing this too. I noticed that our pods in Kubernetes were making DNS calls for localhost as well.

same issue

The only place we've seen issues with this in the official images is in Go-based binaries (since Go itself uses nsswitch.conf), which is why the Docker-in-Docker official image (and a few other Go-based images) includes a generated nsswitch.conf: https://github.com/docker-library/docker/pull/84/files (and we're likely to add something similar to the Alpine variants of the Go official image at some point)

What I'm not clear on is whether there are other bits of software in Alpine that _aren't_ using Go which read this file?

In digging for https://github.com/docker-library/docker/pull/84, I noticed that Alpine had /etc/nsswitch.conf once upon a time (https://git.alpinelinux.org/cgit/alpine-baselayout/tree/nsswitch.conf?id=d81dc473af456d97e670ccfe78a30dce96d01284), and it was removed years ago without much detail as to why (https://git.alpinelinux.org/cgit/alpine-baselayout/commit/nsswitch.conf?id=86d10e4ceb7c8a5aeb2b772f8b91c28cd6a82c6b), but I presume it's because it's not used by any of Alpine's packages.

@tianon
Thanks
It works. https://github.com/docker-library/docker/pull/84/files

Hello @tianon , I tested Python in alpine, and Python do read /etc/hosts before lookup in DNS.

I'm not sure missing nsswitch.conf is a bug since other software didn't use it nor alpine itself. But adding this configuration file by default maybe more friendly to other software who use it, as for many binary use alpine as its base image or run-time image.

What do you think?

As @tianon mentions and as commented here: https://github.com/docker-library/docker/issues/82#issuecomment-334627834 it is Go that is hardcoded to behave as glibc (dns first and then use hosts if it fails) if there is no /etc/nsswitch.conf. musl libc does not use this file at all since it does not implement NSS. I'd say that this is a bug in Go which assumes that linux always is glibc.

@ncopa got that

Does this need a bug/enhancement request in Golang?

Helo @thaJeztah I'm really Sorry about the delay reply...

I'm not sure whether it is a bug because we can not create a nsswitch.conf for others nor help others made the choice. I'm pretty confused about that since it's not Alpine's fault nor the golang.I thought it's just because we chose alpine as our based image(because of the image size).

Well, mainly was looking at;

I'd say that this is a bug in Go which assumes that linux always is glibc.

Wondering if that needs a solution / should be customisable

Isn't GO one of the main reasons to use Alpine , especially in Kubernetes ?
As far as i understand that this is a GO issue for assuming it is running on glibc is still something that would require a better fix than just say "is a GO Bug" ... is there any known workaround other than having a "localhost" fixed record in the dns ?

I end up with hundreds of request in my dns for "localhost.(Any Number of search domains)"

The simplest workaround is to create for yourself a trivial one-line nsswitch.conf, as in: https://github.com/docker-library/golang/blob/301d61ac921c9173086e6db1429a4916d894919f/1.11/alpine3.8/Dockerfile#L9

# set up nsswitch.conf for Go's "netgo" implementation
# - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
# - docker run --rm debian:stretch grep '^hosts:' /etc/nsswitch.conf
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf

A potential Go fix would be to implement https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02