If you use the standard rules in nsswitch.conf then "NS_SUCCESS | NS_RETURN" are mapped to terminal states and everything else continues to the net source (notfound, unavailable, tryagain).

If you specify a custom status code handler, like [notfound = return] then the default flags are ONLY NS_SUCCESS. This means nsdispatch(3) routines returning NS_RETURN (for example for ERANGE to get more memory), instead fallback to the next source. This is incorrect behavior. for 3 reasons.

1. NS_RETURN is explicit, it is to return, not fall back.
2. there is no way to restore this behavior, 'return' is not a documented status code in nsswitch.conf or as far as I can see the parser to restore this behavior
3. NS_RETURN's intent is to signal that there is SOMETHING there, but you may need to take additional action; by having the system fall through this completely hides this behavior from clients.

This fix sets the default for ALL to be NS_SUCCESS and NS_RETURN. I think there MAY be another bug where you cannot set NS_SUCCESS to continue (for last match semantics). but I will investigate that at a later time.