curl: c-ares support breaks darwin sandbox #462625
Description
Nixpkgs version
- Unstable (25.11)
Describe the bug
After enabling c-ares support in #451579 , curl no longer uses nss for resolving host names. The same can be verified using strace. curl & by extension probably libcurl no longer connects to nscd socket for hostname resolution & instead uses the dns server listed in /etc/resolv.conf.
Steps to reproduce
Before #451579
❯ nix shell "nixpkgs/932e4fee6474e2cd152d180f105a868acb9b6c6c#curl" -c strace -f -e sendto -- curl -s https://search.nixos.org 2>&1 | grep nixos.org
[pid 1016194] sendto(5, "\2\0\0\0\16\0\0\0\21\0\0\0search.nixos.org\0", 29, MSG_NOSIGNAL, NULL, 0) = 29
Now after enabling c-ares support.
❯ nix shell "nixpkgs/b5b99c73d807b4b1c1988fd360aefd5a1455769c#curl" -c strace -f -e sendto -- curl -s https://search.nixos.org 2>&1 | grep nixos.org
In the full trace it can be seen that nss is not used, and raw dns server list from /etc/resolv.conf is used instead.
Expected behaviour
libcurl should use nss by default, since it's the expected default behaviour.
Screenshots
No response
Relevant log output
Additional context
Change also seems to have caused other regressions like #462151.
And not using nss can result in failures where host name resolution is dependent on nss modules like mdns.
System metadata
❯ nix-shell -p nix-info --run "nix-info -m"
- system:
"x86_64-linux" - host os:
Linux 6.17.8, NixOS, 25.11 (Xantusia), 25.11.20251116.50a96ed - multi-user?:
yes - sandbox:
yes - version:
nix-env (Nix) 2.31.2 - nixpkgs:
/nix/store/qjg5hnnkydk3mri5k6rydhj08x9s7xya-source
Notify maintainers
Note for maintainers: Please tag this issue in your pull request description. (i.e. Resolves #ISSUE.)
I assert that this issue is relevant for Nixpkgs
- I assert that this is a bug and not a support request.
- I assert that this is not a duplicate of an existing issue.
- I assert that I have read the NixOS Code of Conduct and agree to abide by it.
Is this issue important to you?
Add a 👍 reaction to issues you find important.