You are not logged in.

#1 2022-10-23 08:27:02

leuko
Member
Registered: 2020-06-01
Posts: 23

[Solved] systemd-resolved priority in nsswitch causes problem in re...

On my server I noticed

$ hostname -d
(none)

even my `/etc/hosts` includes the FQDN for my IP (IP & DNS names redacted):

127.0.0.1 localhost
127.0.1.1 example.de example
37.100.100.100 example.de example

::1 localhost ip6-localhost ip6-loopback
2a03:4000:1:100:: example.de example
::1 example.de example

When I look in systemd-resolved debug logs after I issue `hostname -d`:

Oct 23 10:43:46 example systemd-resolved[275]: varlink: New incoming connection.
Oct 23 10:43:46 example systemd-resolved[275]: varlink: Connections of user 1000: 0 (of 576 max)
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Setting state idle-server
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: New incoming message: {"method":"io.systemd.Resolve.ResolveHostname","parameters":{"name":"example","family":2,"flags":0}}
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Changing state idle-server → processing-method
Oct 23 10:43:46 example systemd-resolved[275]: idn2_lookup_u8: example → example
Oct 23 10:43:46 example systemd-resolved[275]: Looking up RR for example IN A.
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Sending message: {"parameters":{"addresses":[{"family":2,"address":[127,0,1,1]},{"family":2,"address":[37,221,194,221]}],"name":"example","flags":786945}}
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Changing state processing-method → processed-method
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Changing state processed-method → idle-server
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Got POLLHUP from socket.
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Changing state idle-server → pending-disconnect
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Changing state pending-disconnect → processing-disconnect
Oct 23 10:43:46 example systemd-resolved[275]: varlink-15: Changing state processing-disconnect → disconnected

Somehow systemd-resolved fails to resolve my domain name that I provided in `/etc/hosts`.

If I change Archlinux default config and prioritize `/etc/hosts` over systemd-resolved in `/etc/nsswitch.conf`:

#hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
hosts: mymachines files resolve [!UNAVAIL=return] myhostname dns

Then I get what I expect:

$ hostname -d
de
s% hostname -f
example.de

Why does systemd-resolved not help with `hostname -d`?

Last edited by leuko (2022-10-26 17:29:15)

Offline

#2 2022-10-23 11:19:16

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,404

Offline

#3 2022-10-23 20:11:15

leuko
Member
Registered: 2020-06-01
Posts: 23

Re: [Solved] systemd-resolved priority in nsswitch causes problem in re...

My understanding from these discussions is that systemd-resolved does not make a DNS query out of a hostname and forward it to a DNS server. In my case I do not expect that systemd-resolved creates a request either because I have the relevant entries in /etc/hosts and I do not have any search domains defined. Moreover the offered solutions in Archwiki do not help me hmm

But I concur that my problem could be a side effect. Still, if systemd-resolved does not append any search domains, how could it find my FQDN at all?

I could solve this problem by prioritizing `/etc/hosts`. AFAIK systemd-resolved does not implement a DNS server itself, because `/etc/hosts` is sufficient for static local DNS. Why does the default nsswitch.conf prioritize `resolved` over `files` if systemd-resolved cannot find the domain name then?

Also interesting:
To get the FQDN with systemd-resolved, an (m)DNS+DHCP" in needed

Last edited by leuko (2022-10-23 20:18:57)

Offline

#4 2022-10-23 20:47:51

Tarqi
Member
From: Ixtlan
Registered: 2012-11-27
Posts: 179
Website

Re: [Solved] systemd-resolved priority in nsswitch causes problem in re...

Maybe relevant: https://bugs.archlinux.org/task/56684. For whatever reason this has been recently closed as "fixed", but nothing has changed.

Last edited by Tarqi (2022-10-23 20:52:11)


Knowing others is wisdom, knowing yourself is enlightenment. ~Lao Tse

Offline

#5 2022-10-24 08:23:35

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,404

Re: [Solved] systemd-resolved priority in nsswitch causes problem in re...

From the bug, same poster, withing 8h:

We are not looking for all broken software but examples of supported packages which are reported to be problematic would be helpful.
Software, like browsers, which do not use the system resolver on purpose are not valid case studies.

Our current documentation is misleading, the best practice is to have a stub resolver enabled and not to add some lines from the past in /etc/hosts.

I'm saying that browsers and others software like dig/drill do not use the system resolver by design! It's a FEATURE. It's nothing dismissive.
I didn't write or think that browsers are broken.

WTF?
How can the stub resolver be the best practice (postulated, no reasoning) if it's ignored by design by relevant applications that rely on a sane hosts file.
And those applications that will be harmed by the crippled hosts (unless one would deem localhost queries of browsers a non-scenario, since there're absolutely no http servers on the localhost, like cups or torrent daemons or kodi or mpd clients or …) are not broken, they just don't work properly w/ the "best practice".
That's RoP grade logic…

(Disclaimer: I've not checked the DNS queries of browsers™, chromium recently seems to interpret nsswitch.conf, https://bugs.chromium.org/p/chromium/is … id=117655)

@leuko, how does the system behave w/o resolved?

Offline

#6 2022-10-25 06:37:44

leuko
Member
Registered: 2020-06-01
Posts: 23

Re: [Solved] systemd-resolved priority in nsswitch causes problem in re...

seth wrote:

From the bug, same poster, withing 8h:
@leuko, how does the system behave w/o resolved?

Good idea!

# default
#hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns

hosts: mymachines files myhostname dns

does work and finds my FQDN.

Last edited by leuko (2022-10-25 06:39:03)

Offline

#7 2022-10-25 06:51:35

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,404

Re: [Solved] systemd-resolved priority in nsswitch causes problem in re...

I meant to swap systemd-resolved for openresolv and maybe a stub resolver (if you want/need one) that's not systematically dum… broken.
https://wiki.archlinux.org/title/Domain … NS_servers

Alternatively just try

hosts: files mymachines resolve [!UNAVAIL=return] myhostname dns

to get files handled ahead of resolve

@Tarqi
https://bugs.archlinux.org/task/56684 is likely closed because the default nsswitch order is now "mymachines resolve [!UNAVAIL=return] files myhostname dns" what means the localhost query should™ no longer be leaked to DNS, what was the initial complaint.

Offline

#8 2022-10-26 17:26:33

leuko
Member
Registered: 2020-06-01
Posts: 23

Re: [Solved] systemd-resolved priority in nsswitch causes problem in re...

seth wrote:

Alternatively just try

hosts: files mymachines resolve [!UNAVAIL=return] myhostname dns

to get files handled ahead of resolve

That was also my workaround. Thanks!

Do you think that systemd-resolved is causing the problem here? Then I could open an issue there. I just wanted to make sure that the default nsswitch.conf does not have any problems.

Offline

#9 2022-10-26 19:34:35

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,404

Re: [Solved] systemd-resolved priority in nsswitch causes problem in re...

Afaiu that resolved behavior is by design… hmm

The default nsswitch order is probably because of https://man.archlinux.org/man/nss-resolve.8.en

iT ShOuLd bE BeFoRe tHe fIlEs eNtRy, SiNcE SyStEmD-ReSoLvEd sUpPoRtS /eTc/hOsTs iNtErNaLlY, bUt wItH CaChInG.

… and introduce its internal issues to it.

There's absolutely nothing wrong w/ fixing the nsswitch order, esp. not if resolved insists on the current behavior.
You might want to move files behind mymachines, if that's relevant to your use case.

Offline

Board footer

Powered by FluxBB