0

I have just installed ubuntu 22.04 from scratch on a new physical server. One thing that has been a thorn in my side with Ubuntu since about 14.04, is trying to wrap my head around the complexities it puts over DNS configuration. Today is no exception. There's no shortage of questions and problems related to this (so here's one more - I'm very sorry!), and that should tell somebody there's a problem here. Things were so much simpler and so much more reliable before netplan/NetworkManager and that ilk. dnsmasq was my favorite tool; I could easily set up my whole home network in one confifuation - but alas! I cannot restore the past.

Anyway, what I have is

  • An inflexible router, provided by my ISP, that will not allow me to specify DNS settngs and will not allow me to specify fixed addresses for connected devices
  • A network consisting of around 60 devices, most of which intercommunicate (so internal DNS is critical here)
  • A single network (eth) interface

The configuration file in /etc/netplan/01_wired.yaml is:

network:
  renderer: networkd
  ethernets:
    eth_lan0:
      dhcp4: no
      addresses: [192.168.1.12/24]
      gateway4: 192.168.1.254
      #routes:
      #  - to: default
      #    via: 192.168.1.254
      nameservers:
        addresses:  [192.168.1.2]
        search: [domainname.com]
      optional: true
      match:
        macaddress: 90:2b:34:36:ae:bc
      set-name: eth0

I actually have a dnsmasq system running on a server on the network (on rPi raspbian since ubuntu makes this such a pain), and its address is 192.168.1.2, the DNS I've told netplan to use. And all server names are hostname.domainname.com (or a subdomain of same) (domainname.com represents a network name managed by me.)

Even though there is no place in the system that I've indicated to use DHCP, it seems that DHCP is used, aS referenced in /etc/resolv.conf:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
search lovelady.com attlocal.net

(Note: it's that 'attlocal.net' in there that tells me it's referencing the DHCP server.) Also, resolvectl status returns this:

root@r2d2:~# resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
      DNS Domain: attlocal.net lovelady.com

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 2600:1700:5950:3240::1
       DNS Servers: 191.168.1.2 2600:1700:5950:3240::1
        DNS Domain: attlocal.net lovelady.com


Link 3 (eno1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported


root@r2d2:~# resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
      DNS Domain: attlocal.net lovelady.com


Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 2600:1700:5950:3240::1
       DNS Servers: 191.168.1.2 2600:1700:5950:3240::1
        DNS Domain: attlocal.net lovelady.com


Link 3 (eno1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

(Note that resolvectl puts attlocal.net before lovelady.com (!!!!) and I don't even want attlocal.net in the configuration. At all!

Anyway, resolvectl is not telling the accurate story becuase it implies that lookups will be sent to 192.168.1.2 (which does work great) but on this system, correct IP addresses are not being returned. This pair of lookups shows the issue:

username@r2d2:~# dig velmicro

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> velmicro
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59512
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;velmicro.                      IN      A


;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Dec 06 00:45:20 UTC 2023
;; MSG SIZE  rcvd: 37


username@r2d2:~# dig @192.168.1.2 velmicro


; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.1.2 velmicro
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53926
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;velmicro.                      IN      A


;; ANSWER SECTION:
velmicro.               0       IN      A       192.168.1.6


;; Query time: 3 msec
;; SERVER: 192.168.1.2#53(192.168.1.2) (UDP)
;; WHEN: Wed Dec 06 00:45:46 UTC 2023
;; MSG SIZE  rcvd: 53

If I don't tell dig what server to use, it uses the default, which returns no address for velmicro. But if I tell dig to use 192.168.1.2, it returns the correct address.

I've spent a whole afternoon reading article after article about resolutions for this. The vast majority of resolutions I've found say to make just the configuration that I've made, and they stop there. Most of the rest have to do with Network Manager, which isn't (or doesn't seem to be - who can tell?) involved in this configuration. Then there are those who say to just modify /etc/resolv.conf ... and then we get into resolveconf and other configuration tools, each of which adds more complexity. All I want, is for the system to use the configuration I set manually. Doesn't seem unreasonable to me.

So I'm here to add yet another voice to the cries in the dark looking for a DNS solution on recent UBUNTU. Can you help?

UPDATE at @upboden's request:

root@r2d2:~# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Dec  5 23:17 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
root@r2d2:~# more /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
search lovelady.com attlocal.net

UPDATE 2

I have removed the package resolvconf (which I added in hopes of resolving this problem). Removal of the package restored the link, but has not solve the issue.

root@r2d2:~# sudo apt remove resolveconf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package resolveconf
root@r2d2:~# sudo apt remove resolvconf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  resolvconf
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 203 kB disk space will be freed.
Do you want to continue? [Y/n]
(Reading database ... 87264 files and directories currently installed.)
Removing resolvconf (1.84ubuntu1) ...
resolvconf.postrm: Reboot recommended
Processing triggers for man-db (2.10.2-1) ...
root@r2d2:~# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Dec  6 01:51 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
root@r2d2:~# cat /etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search lovelady.com attlocal.net

EDIT 3

I have added a dhcp6: no line to the /etc/netplan/01_wired.yaml file, and the problem was resolved. New content is:

network:
  renderer: networkd
  ethernets:
    eth_lan0:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.1.12/24]
      gateway4: 192.168.1.254
      #routes:
      #  - to: default
      #    via: 192.168.1.254
      gateway4: 192.168.1.254
      nameservers:
        addresses:  [192.168.1.2]
        search: [lovelady.com]
      optional: true
      match:
        macaddress: 90:2b:34:36:ae:bc
      set-name: eth0

resolvectl status (note the absence of IP6 spec in output):

> resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.2
       DNS Servers: 192.168.1.2 2600:1700:5950:3240::1
        DNS Domain: attlocal.net lovelady.com


Link 3 (eno1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

dig output annoyingly still looks wrong (no answer shown from default) :

> dig velmicro

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> velmicro
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;velmicro.                      IN      A


;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Dec 06 14:47:54 UTC 2023
;; MSG SIZE  rcvd: 37


dennis@r2d2:/home/dennis   12/06 14:47:54
> dig @192.168.1.2 velmicro


; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.1.2 velmicro
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;velmicro.                      IN      A


;; ANSWER SECTION:
velmicro.               0       IN      A       192.168.1.6


;; Query time: 0 msec
;; SERVER: 192.168.1.2#53(192.168.1.2) (UDP)
;; WHEN: Wed Dec 06 14:48:07 UTC 2023
;; MSG SIZE  rcvd: 53

But the practial/important thing is that adding dhcp6: no seems to have worked.

For completeness, the answer to slangasek's question about other netplan files is: Only 00-installer-config.yaml is present, and its contents are:

# This is the network config written by 'subiquity'
network:
  ethernets:
    eno1:
      optional: true
      dhcp4: true
    enp6s0:
      optional: true
      dhcp4: true
  version: 2

Note that search attlocal.net remains in the configuration (from where, I cannot tell). It's in the /etc/resolv.conf file:

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the 
# internal DNS stub resolver of systemd-resolved. This file lists all 
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search lovelady.com attlocal.net

but of course, I did not put it there.

So current status is that DNS seems to be working (for now) but some mysteries remain, and mysteries in IT are rarely a good thing.

I let my frustration show in the original message. I still feel strongly that UBUNTU is going a wrong direction w.r.t. what should be a simple matter, and hope that perhaps one day those involved will realize the value of simplicity. But I should not let it get to me; UBUNTU is, all in all, the best of those available for my needs.

Dennis
  • 174
  • The output of resolvectl status indicates this: resolv.conf mode: foreign. This tells me that /etc/resolv.conf has been modified and is not a symlink to /run/systemd/resolve/stub-resolv.conf, which is a file that indicates 127.0.0.53 as the DNS server. This symlink is the default setup of Ubuntu and this server is the local caching stub resolver. So I want to know the output of ls -l /etc/resolv.conf and the contents of the that file. Please update your question with this info. – mpboden Dec 06 '23 at 01:34
  • @mpboden Thanks. I have added to the end of the question. – Dennis Dec 06 '23 at 01:41
  • So did you install resolvconf? The file is showing both search domains. I would eliminate that file and create a symlink from /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf. As I said previously, this is the default setup. – mpboden Dec 06 '23 at 01:46
  • I did. It is now removed. See update. – Dennis Dec 06 '23 at 01:55
  • DNS Servers: 191.168.1.2 2600:1700:5950:3240::1 You seem to have overlooked that the DNS server address it lists is 191, not 192. As far as dhcp, you should not have to specify dhcp6: no as this is the default. Are there any other files under /etc/netplan that could be overriding your configuration that says not to use dhcp4? – slangasek Dec 06 '23 at 07:39
  • @slangasek I am not sure where that 191 came from... maybe I overtyped a copy/paste? (That doesn't seem very likely, since it's there twice. But the netplan file was and is as shown above, with the 192.* specification. However, at a suggestion (now deleted?) from mpboden, I added dhcp6: no and the problem is resolved. I'll update the question within the minute with the new results. – Dennis Dec 06 '23 at 14:42
  • 1
    I deleted my comment because @slangasek is correct in saying that is default behavior. So I’m curious as to that working. Nonetheless, that’s good. Moving forward, I would delete that unnecessary YAML file and reload your Netplan config. I’d also flush your DNS cache with sudo resolvectl flush-caches. Then run sudo systemctl restart systemd-resolved – mpboden Dec 06 '23 at 16:06
  • I'm glad that you have it working, but what concerns me is, dhcp6: no is also the default. So I suspect a bug here in either netplan or systemd-networkd. Are you willing to file a bug report against https://bugs.launchpad.net/netplan so we can work to track this down? – slangasek Dec 07 '23 at 23:42

1 Answers1

1

I share your frustration Dennis and agree. Below is the simple fix for your issue. Note: this answer is based on Dennis like of the "old" days. This is not the current recommended fix.

Despite all the frustrating things systemd, NetworkManager etc does with DNS, they all follow the design rule, or not modifiying resolv.conf directly, when they install, they link /etc/resolv.conf to a location unique to their service, and they modify that file.

So to fix your issue, remove the symbolic link at /etc/resolv.conf. Create the file the way you want it. eg:

nameserver 192.168.1.2
search local.domain
<any other options>

You should be good to go now, the file /etc/resolv.conf is the only file that matters for dns, and you now have control of it. In my experience systemd and Network Manager wont change the file, now the symbolic link is removed. However if you want to make sure that is the case, change ownership to your user, and give only read access to everyone else. Then it is safe. You just need to edit /etc/resolv.conf if you make changes to your setup.

After feedback from Dennis and some more research:

To disable Network Manager from modifying resolv.conf edit /etc/NetworkManager/NetworkManager.conf adding under [main]:

dns=none
rc-manager=unmanaged

Alternativly if you want to disable NetworkManager completely these are the instructions on the Ubuntu site and they reference it back to How do I disable network manager permanently?

Stop network manager

sudo systemctl stop NetworkManager.service
sudo systemctl stop NetworkManager-wait-online.service
sudo systemctl stop NetworkManager-dispatcher.service
sudo systemctl stop network-manager.service


Disable network manager (permanently) to avoid it restarting after a reboot


sudo systemctl disable NetworkManager.service
sudo systemctl disable NetworkManager-wait-online.service
sudo systemctl disable NetworkManager-dispatcher.service
sudo systemctl disable network-manager.service
Luke Attard
  • 982
  • Thank you so much, Luke. That has resolved the issue for me! Somehow I had suspected that if I take the link away then some upgrade will just put it back. I trust that, as you say, that won't happen. (Plenty of other software packages honor the user's configuration over the packaged defaults. This should be no different - and probably is not. I'm just paranoid.) – Dennis Dec 07 '23 at 14:17
  • 1
    Your Welcome. Can not be any worst then what you had been going through. I could feel your frustraion when I was reading it. – Luke Attard Dec 07 '23 at 14:40
  • nah, shouldn't let these things bother me. In a hundred years it'll be worse and I won't care at all. :) – Dennis Dec 07 '23 at 15:02
  • Hmmm... I have done this, and the file keeps being overwritten with this: "# Generated by NetworkManager" and my nameserver line is replaced with 127.0.0.53 and my 'domain' line is removed entirely. I found https://askubuntu.com/questions/623940/network-manager-how-to-stop-nm-updating-etc-resolv-conf... we'll see how it goes – Dennis Dec 07 '23 at 16:08
  • @Dennis Is this a server or desktop install? If server, you must have installed NetworkManager because it does not come with it installed. – mpboden Dec 07 '23 at 18:19
  • @Dennis, Have you tried setting the permissions of resolv.conf to be owned by you, and read only for everyone else? – Luke Attard Dec 07 '23 at 23:01
  • I have updated the answer, with the extra details, so others who find the answer, has the correct details – Luke Attard Dec 07 '23 at 23:22
  • @LukeAttard I know he doesn’t need NetworkManager. That’s exactly why I was asking. I think that’s part of his problem and should be deleted!!!! But he’s not responding. The OP has several issues. He installed resolveconf. He has more than one Netplan YAML file with conflicting configurations. He’s manually configuring /etc/resolv.conf. And I t appears he’s installed NetworkManager. Finally, I’m not sure what else has been done to this install. From the beginning info has been left out. – mpboden Dec 08 '23 at 01:56
  • @mpboden my apologies, I read and responded to your comment, before I noticed that Dennis provided feedback that the solution did not work. I will delete my comment now. – Luke Attard Dec 08 '23 at 02:05
  • @LukeAttard All good. No worries. :) – mpboden Dec 08 '23 at 02:16
  • @LukeAttard: I would rather understand it than just prevent it blindly; I don't see any reason to pass problems on to some other process. Rather ask the culprit to kindly leave. So, no, I didn't use chattr here. – Dennis Dec 10 '23 at 00:48
  • @mpboden the file is named 'ubuntu-22.04.3-live-server-amd64.iso' and has a size of 2,133,391,360. I believe it to be server. I am sorry I was away so long. I'll just say it couldn't be avoided. – Dennis Dec 10 '23 at 00:51
  • @LukeAttard "Failed to stop NetworkManager.service: Unit NetworkManager.service not loaded." Apparently some other manager in place. My research shows that it's very difficult (and never 100% certain) to determine what NM is controlling the network. The beginnings of my aggravation with Ubuntu's direction. But I've already walked that road here – Dennis Dec 10 '23 at 00:53
  • @LukeAttard the instructions here have made the problem disappear more than 48 hours; I call it done. https://askubuntu.com/questions/623940/network-manager-how-to-stop-nm-updating-etc-resolv-conf If you update your answer accordingly, I will accept it again. And by the way, it is ubuntu server. Found this: << sudo dpkg -l ubuntu-desktop >> dpkg-query: no packages found matching ubuntu-desktop – Dennis Dec 10 '23 at 01:03
  • @Dennie Thanks for the feedback, I ahve updated the answer in reference to the NetworkManager.conf file. – Luke Attard Dec 10 '23 at 01:44