10

Anyone know how systemd-resolve voodoo works?

192.168.1.30 is the correct DNS server for my network, as returned by DHCP.

/etc/resolv.conf points to 127.0.0.53

Systemd claims to be using the correct server.

systemd-resolve --status | grep "DNS Servers"
192.168.1.30

But dig indicates it is not forwarding requests. If I specify the server, I can resolve shadowbox:

dig @192.168.1.30 shadowbox

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.30 shadowbox
...

;; ANSWER SECTION:
shadowbox.      60  IN  A   192.168.1.34
...

systemd-resolve cannot

dig @127.0.0.53 shadowbox

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.53 shadowbox
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60161
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;shadowbox.         IN  A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Jun 07 14:00:12 CEST 2020
;; MSG SIZE  rcvd: 38

I have tried bouncing the server, flushing caches and manually setting the server:

systemd-resolve --flush-caches
systemd-resolve --set-dns=192.168.1.30 --interface=enp0s31f6

I can chattr +i /etc/resolv.conf to regain control of DNS, but it would be nice to know why systemd is not working, since I lose the benefits of DHCP.

muru
teknopaul
  • Edit your question and show me ls -al /etc/resolv.conf and cat /etc/resolv.conf and dpkg -l *dnsmasq* and grep -i dns /etc/systemd/resolved.conf and systemd-resolve --status. – heynnema Jun 07 '20 at 13:09
  • /etc/resolv.conf pointed to 127.0.0.53, dnsmasq is running, it is bound to 10. network for LXC containers, AFAIK not in use as a caching resolver, that may be part of the problem systemd-resolve is listening to 127.0.0.53:53 – teknopaul Jun 09 '20 at 15:36
  • Seems it does use the server for e.g. "shadowbox.com" but not for "shadowbox" – teknopaul Jun 09 '20 at 16:13
  • If you have dnsmasq running, then you need to edit /etc/systemd/resolved.conf and change #DNSStubListener=yes to DNSStubListener=no. You didn't give me any of the outputs that I requested. – heynnema Jun 09 '20 at 16:55

3 Answers

3

Looks like this is by design. Poettering closed the issue https://github.com/systemd/systemd/issues/2514 with a won't-fix.

dig @127.0.0.53 shadowbox

systemd-resolved does not support simple names over DNS, only fqdn, and ignores the search directive.

teknopaul
2

As hinted by @teknopaul (Jun 9, 2020 at 16:55) this has to do with resolved not resolving single-label domain names by default. I solved this same issue by creating the file /etc/systemd/resolved.conf.d/singlelabel.conf containing only

[Resolve]
ResolveUnicastSingleLabel=yes

Then single-label resolution works with the stub-resolver.

P.S.: Before making this change, the stub resolver had no problem resolving most of the single-label names on my LAN, which made this problem really hard to pin down.
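
A check for the drop-in described in the answer above, as an added example that is not part of the original answers: it reports whether a name is single-label and whether `ResolveUnicastSingleLabel` is effectively enabled. The function names are hypothetical, and the check is a simplification that reads only the main file and the one drop-in directory passed as arguments.

```shell
# Added example (not from the answers). Simplification: looks only at
# ResolveUnicastSingleLabel=, in one main file and one drop-in directory.

# Succeed when NAME has a single label, e.g. "shadowbox" or "shadowbox.".
is_single_label() {
    name=${1%.}                      # a trailing root dot adds no label
    case $name in
        ''|*.*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print the last ResolveUnicastSingleLabel= value in the [Resolve] section
# of FILE, or nothing when the file does not set it.
read_setting() {
    awk '
        /^[ \t]*[#;]/ { next }       # comment lines
        /^[ \t]*\[/   { in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t\r]*$/); next }
        in_resolve && /^[ \t]*ResolveUnicastSingleLabel[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); value = $0
        }
        END { if (value != "") print value }
    ' "$1"
}

# Print yes/no: MAIN_CONF first, then DROPIN_DIR/*.conf in lexical order,
# later files overriding earlier ones; "no" when nothing sets the option.
effective_single_label() {
    result=no
    for f in "$1" "$2"/*.conf; do
        [ -f "$f" ] || continue
        case $(read_setting "$f") in
            yes|true|on|1)  result=yes ;;
            no|false|off|0) result=no ;;
        esac
    done
    echo "$result"
}

# Print "forwarded" or "not-forwarded" for NAME given the two config paths.
stub_verdict() {
    if ! is_single_label "$1" ||
       [ "$(effective_single_label "$2" "$3")" = yes ]; then
        echo forwarded
    else
        echo not-forwarded
    fi
}
```

On a live system, call `stub_verdict shadowbox /etc/systemd/resolved.conf /etc/systemd/resolved.conf.d` before and after adding the drop-in, then restart systemd-resolved and confirm with `dig @127.0.0.53 shadowbox`.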

0

To add specific upstream:

  • add upstream dns in /etc/systemd/resolved.conf

    [Resolve]
    DNS=192.168.1.123

  • restart: service systemd-resolved restart

  • check with systemd-resolve --status

    Global DNS Servers: 192.168.1.123

To use DHCP provisioned DNS Server (since you stated in the comments that you want it to "just behave like normal"):

In the configuration file for local network interface (a file matching the name pattern /etc/systemd/network/*.network) either specify to obtain local DNS server address from DHCP server using DHCP= option:

[Network]
DHCP=yes

Also make sure resolvconf is not interfering:

systemd-resolved will work out of the box with a network manager using /etc/resolv.conf. No particular configuration is required since systemd-resolved will be detected by following the /etc/resolv.conf symlink. This is going to be the case with systemd-networkd or NetworkManager.

However, if the DHCP and VPN clients use the resolvconf program to set name servers and search domains (see openresolv#Users for a list of software that use resolvconf), the additional package systemd-resolvconf is needed to provide the /usr/bin/resolvconf symlink. Note: systemd-resolved has a limited resolvconf interface and may not work with all the clients, see resolvectl(1) for more information. (from archwiki)

  • same, same, reports the correct DNS server but does not actually use it and cannot resolve hosts that are found in that DNS server. – teknopaul Jun 09 '20 at 10:30
  • BTW, hardcoding the DNS server somewhere is not my ideal solution, I would prefer it resolve to respect DHCP. – teknopaul Jun 09 '20 at 10:34
  • then please do not blindly downvote and ask more specific, see here wiki.archlinux.org/index.php/Systemd-resolved, your problem might be resolvconf and not systemd-resolved, the answer was updated to fit your needs – Bash Stack Jun 09 '20 at 14:42
  • Hi Bash Stack sorry if I caused offense, did not blindly downvote, I tested the (original) answer and it did not work. I was explicit about DHCP, while the original answer suggested hardcoding the DNS server. SO works by voting up answers that work, and voting down ones that don't, please don't take it personally, it was not a bad answer it just did not work. – teknopaul Jun 09 '20 at 15:37