Skip to content

Avahi and Unicast Domains .local

mDNS/DNS-SD is inherently incompatible with unicast DNS zones .local. We strongly recommend not to use Avahi or nss-mdns in such a network setup. N.B.: nss-mdns is not typically bundled with Avahi and requires a separate download and install.

Background: The Zeroconf protocols Avahi implements are known as mDNS and DNS-SD. mDNS (short for Multicast DNS) is based on traditional (unicast) DNS, but the two systems do not interact. mDNS is used to manage a special cooperative zone .local where all local mDNS servers can freely register host names or services. Before mDNS was introduced the domain .local was sometimes used in non-public (unicast) DNS servers to assign names in LANs. Unfortunately some networks still use this domain that way. If Avahi and nss-mdns is installed properly a machine does not contact a unicast DNS server when resolving names from the .local domain, thus the unicast DNS domain .local becomes unreachable.

If you come across a network where .local is a unicast DNS domain, please contact the local administrator and ask him to move his DNS zone to a different domain. If this is not possible, we recommend not to use Avahi in such a network at all.


If you really want to use Avahi with .local as unicast domain, you might want to try the following. YMMV. Don't come running to us if something doesn't work as expected. It's your own fault!

The recommended nss-mdns configuration line for /etc/nsswitch.conf is

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

This makes nss-mdns authoritative for .local.

If this is changed as follows, unicast DNS will be tried before mDNS for .local, essentially "merging" the unicast and the multicast domain .local, with unicast taking precedence.

hosts: files dns mdns4

Please note that this line will "unbreak" the name service switch (NSS, aka gethostbyname()) only. Avahi itself will still not resolve any hosts from a unicast domain .local. i.e. this change will make some things work, but not all.

Please remember, that we do no recommend using nss-mdns in this way. Why? Firstly, because the conflict resolution protocol of mDNS becomes ineffective. Secondly, because due to the "merging" of theses zones, DNS RRs might point to wrong other RRs. Thirdly, this can become a security issue, because information about the mDNS domain .local which is intended to be link-local might leak into the Internet. Fourthly, when you mistype host names from .local the long mDNS timeout will always occur. Fifthly it creates more traffic than necessary. And finally it is really ugly.

Better workaround

If you want to use avahi in this environment, instead of asking the administrator to move the .local zone (for example, this is the default for a Small Business Server environment on Windows) then simply modify your /etc/avahi/avahi-daemon.conf with the following entry:


Avahi will simply use the domain .alocal to do its magic.


If you are a distributor, please follow the following recommendations when packaging Avahi/nss-mdns:

We recommend to run a special script at bootup and whenever the DNS configuration changes (i.e. from the DHCP hook script), which checks if there is a zone .local on the newly configured DNS server. If there is, please make sure to shut down Avahi and to disable nss-mdns. (Disabling nss-mdns explicitly is not necessary if it wasn't compiled with the mDNS mini stack, i.e. is not compiled with --enable-legacy). Use the bind9 host tool to check for such a zone:


if host -t SOA local. > /dev/null 2> /dev/null ; then
    # Hoho! There is a domain .local in unicast DNS! Let's disable Avahi!

    if test -x /etc/init.d/avahi ; then
        /etc/init.d/avahi stop > /dev/null 2> /dev/null
        if test -x /usr/bin/logger ; then
            logger -p daemon.warning -t avahi <<EOF
Avahi detected that your currently configured local DNS server serves
a domain .local. This is inherently incompatible with Avahi and thus
Avahi disabled itself. If you want to use Avahi in this network, please
contact your administrator and convince him to use a different DNS domain,
since .local should be used exclusively for Zeroconf technology.
For more information, see


Besides writing a warning about this to syslog, a notification bubble on the screen might also be advisable.


Leave a Reply

Your email address will not be published. Required fields are marked *