diff --git a/factory/etc/nsswitch.conf b/factory/etc/nsswitch.conf
index da74b19d90..d87f8811ec 100644
--- a/factory/etc/nsswitch.conf
+++ b/factory/etc/nsswitch.conf
@@ -4,7 +4,7 @@ passwd:         compat systemd
 group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
+hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
 networks:       files
 
 protocols:      db files
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index a41c383bb3..b424f1fbd2 100644
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -67,12 +67,12 @@
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
     <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
-    and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the
-    first version, well-known names like <literal>localhost</literal> and the machine hostname are given
-    higher priority than the external configuration. This is recommended when the external DNS servers and
-    network are not absolutely trusted. In the second version, external configuration is given higher
-    priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable
-    in closely controlled networks, for example on a company LAN.</para>
+    and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known
+    names like <literal>localhost</literal> and the machine hostname are given higher priority than the
+    external configuration. This is recommended when the external DNS servers and network are not absolutely
+    trusted. In the second version, external configuration is given higher priority and
+    <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely
+    controlled networks, for example on a company LAN.</para>
   </refsect1>
 
   <refsect1>
@@ -83,11 +83,11 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd:         compat systemd
-group:          compat systemd
+group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-# Either (untrusted network):
-hosts:          mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns
+# Either (untrusted network, see above):
+hosts:          mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
 # Or (only trusted networks):
 hosts:          mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
 networks:       files
diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml
index e0e6989c40..56ee073c8a 100644
--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -42,10 +42,10 @@
     <para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>mymachines</literal> after the <literal>files</literal> or
-    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> line to make sure that its
-    mappings are preferred over other resolvers such as DNS, but so that <filename>/etc/hosts</filename>
-    based mappings take precedence.</para>
+    <para>It is recommended to place <literal>mymachines</literal> before the <literal>resolve</literal> or
+    <literal>dns</literal> entry of the <literal>hosts:</literal> line of
+    <filename>/etc/nsswitch.conf</filename> in order to make sure that its mappings are preferred over other
+    resolvers such as DNS.</para>
   </refsect1>
 
   <refsect1>
@@ -56,10 +56,10 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
     <programlisting>passwd:         compat systemd
-group:          compat systemd
+group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns
+hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
 networks:       files
 
 protocols:      db files
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
index c377468953..e6963e5812 100644
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -44,14 +44,12 @@
     <literal>dns</literal> somewhere after <literal>resolve</literal>, to fall back to
     <command>nss-dns</command> if <filename>systemd-resolved.service</filename> is not available.</para>
 
-    <para>Note that <command>systemd-resolved</command> will synthesize DNS resource
-    records in a few cases, for example for <literal>localhost</literal> and the
-    current hostname, see
-    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-    for the full list. This duplicates the functionality of
-    <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
-    but it is still recommended (see examples below) to keep
-    <command>nss-myhostname</command> configured in
+    <para>Note that <command>systemd-resolved</command> will synthesize DNS resource records in a few cases,
+    for example for <literal>localhost</literal> and the current local hostname, see
+    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
+    the full list. This duplicates the functionality of
+    <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, but
+    it is still recommended (see examples below) to keep <command>nss-myhostname</command> configured in
     <filename>/etc/nsswitch.conf</filename>, to keep those names resolveable if
     <command>systemd-resolved</command> is not running.</para>
   </refsect1>
@@ -64,10 +62,10 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd:         compat systemd
-group:          compat systemd
+group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> myhostname files dns
+hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
 networks:       files
 
 protocols:      db files
diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml
index 34aee0e880..6285b8da9d 100644
--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@@ -65,7 +65,7 @@
 group:          compat [SUCCESS=merge] <command>systemd</command>
 shadow:         compat
 
-hosts:          mymachines resolve [!UNAVAIL=return] myhostname files dns
+hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
 networks:       files
 
 protocols:      db files
