I recently installed OpenSnitch and discovered that the avahi-daemon is running on my system. I assume this is either included and enabled by default on PureOS, or perhaps it was enabled by the installation of an application.
Is it necessary to have Avahi running on PureOS? What things might break if I disable it?
I finally went ahead and disabled the avahi-daemon using sudo systemctl disable avahi-daemon on PureOS 11. That alone doesnât stop it unless you reboot, so I stopped it with sudo systemctl stop avahi-daemon. That came with the following warning
Warning: Stopping avahi-daemon.service, but it can still be activated by:
avahi-daemon.socket
Will update this thread with any observed negative side effects. Searched the web for info about the same and couldnât find much.
Even if you donât disable the service, you can tame the configuration somewhat.
avahi will allow hosts to resolve local domain names without having a local DNS server. (As I have a local DNS server, and hosts donât come and go like crazy so it is easy enough to keep the local DNS data source up to date, I have no need for this aspect.)
avahi will allow a measure of auto-configuration of your local network by allowing a host to discover services running on other hosts. Whether you need that is a balance between your expertise and how dynamic your network is. (Again, I have no need for this aspect.)
I donât have any need for autodiscovery on the home LAN.
I âdiscoveredâ that disabling ahavi-daemon.service via systemctl doesnât do the trick. It comes back from the dead on reboot.
Stronger medicine needed. Suggestions welcome.
sudo systemctl disable avahi-daemon.socket
(disable and stop, both the service and socket)
?
I ran that command but there was no output, completed silently. Usually when I disable systemd services I see output showing links being removed.
Will report if itâs still back from the dead after next reboot.
When I disable the socket I get
Removed /etc/systemd/system/sockets.target.wants/avahi-daemon.socket.
When I stop it I get
Job for avahi-daemon.socket canceled.
When I disable the service I get
Synchronizing state of avahi-daemon.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable avahi-daemon
Removed /etc/systemd/system/multi-user.target.wants/avahi-daemon.service.
Removed /etc/systemd/system/dbus-org.freedesktop.Avahi.service.
Disclaimers: This is on Ubuntu 22.04 LTS and I havenât rebooted to see whether the changes persist correctly.
$ sudo systemctl status avahi-daemon.service
â avahi-daemon.service
Loaded: masked (Reason: Unit avahi-daemon.service is masked.)
Active: inactive (dead)
$ sudo systemctl status avahi-daemon.socket
â avahi-daemon.socket
Loaded: masked (Reason: Unit avahi-daemon.socket is masked.)
Active: inactive (dead)
On my PureOS machines, this service is forever killed off. My understanding is that sudo systemctl disable avahi-daemon.service is not enough like you said, but if you replace disable with mask then it kills it forever, or whatever.
NOTE: Even after disabling avahi, I was still able to ssh into my friendâs Raspberry Pi on the local network that published itself via avahi. So, if I understand correctly, avahi is extremely, extremely pointless. It basically allows other machines to SSH into you (or otherwise reference your network host) with a name instead of an IP, in cases when you donât have a DNS server, as @irvinewade said.
Most of my Purism machines are configured with avahi and sshd and stuff locked down and off, and I use them to do outgoing connections instead of incoming connections. So, for example, it is more important and valuable to me that my Librem 14 does not spam the local network with Avahi messages saying "HI! I am a Librem 14 named XYZ!" than it is to be able to ssh my-librem-14. And apparently avahi services are not even necessary to be able to use outgoing mDNS!!
But maybe it makes sense for my friend to retain avahi on his raspberry pi, since he is less technical and benefits from being able to SSH into the device with a hostname. To be honest I have a habit of connecting with local machines by their IP anyway. Maybe just old habit.
For completeness, an alternative is just to populate /etc/hosts
For a small network or a very stable network, that choice may be practical. For a larger network it would be a pain having to edit that file on n hosts in order to add one new host.
The other consideration is that using the hosts file or using a DNS server with a static configuration only really work if every host has a fixed IP address ⌠where a fixed IP address is achieved (on a per host basis) either by setting the host to have a static IP address or by adding the hostâs MAC address to the DHCP serverâs configuration so that the DHCP server always hands out the same IP address to that host.
If you want truly dynamic IP addresses then you would need integration between your DHCP server and your DNS server or thatâs where avahi might actually be useful.
Thanks for the systemctl mask tip. Both Avahi and CUPS services came back from the dead after reboot, and it took the mask option to kill them off for good. I also had to disable cups-browsed.service.