#1 Yesterday 18:17:55

caneylan
Member
Registered: Yesterday
Posts: 1

Search domain resolution broken in systemd 258

Domain search resolution in systemd-resolved appears broken after updating to systemd 258-4 from 257.7.

# grep hosts /etc/nsswitch.conf
hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns

# ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 32 Oct  8 14:25 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf

In the below examples, "ns1.mine.net" exists in DNS on a reachable server.

When "mine.net" is the first domain in the search list, the `resolvectl query` for "ns1" works:

# resolvectl status
Global
         Protocols: +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: uplink

Link 2 (enp3s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.9.9
       DNS Servers: 192.168.9.9 192.168.9.8
        DNS Domain: mine.net foo.mine.net dmz.foo.mine.net
     Default Route: yes

# resolvectl query ns1
ns1: 192.168.9.9                               -- link: enp3s0
     (ns1.mine.net)

However, after flipping the domain list order so that "mine.net" isn't first, the `resolvectl query` for "ns1" fails:

# resolvectl status
Global
         Protocols: +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: uplink

Link 2 (enp3s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.9.9
       DNS Servers: 192.168.9.9 192.168.9.8
        DNS Domain: foo.mine.net mine.net dmz.foo.mine.net
     Default Route: yes

# resolvectl query ns1
ns1: Name 'ns1' not found

The DNS server log confirms that the client is only sending a lookup for the first domain in the search list, not the others.

Same behavior if/when the DNS servers and Domains are configured Global or per-interface. Same behavior for A records and CNAMEs.

It seems like systemd simply stops trying domain searches after the first failure.

Anyone else see the same thing? 

Another person reported the same in this GitHub issue with systemd, but there are no replies/ack yet (besides me).

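A check for the behaviour described in the post above, as an added example that is not part of the original thread: it reads the search list from `resolvectl status` output and reports when a short name fails to resolve although one of its search-domain expansions resolves when fully qualified. The script name `check.sh`, the `RESOLVE` override and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): check whether single-label lookups
# try every configured search domain.

# Constructed sample: lines taken from the failing `resolvectl status` in the post.
SAMPLE_STATUS='Link 2 (enp3s0)
Current DNS Server: 192.168.9.9
        DNS Domain: foo.mine.net mine.net dmz.foo.mine.net
     Default Route: yes'

# Resolver command (assumption: overridable so the logic can be tested offline).
: "${RESOLVE:=resolvectl query}"

# stdin: `resolvectl status` text. Prints search domains in configured order,
# skipping routing-only domains (shown with a "~" prefix).
search_domains() {
    awk -F': *' '/^[ \t]*DNS Domain:/ {
        n = split($2, d, " ")
        for (i = 1; i <= n; i++) if (substr(d[i], 1, 1) != "~") print d[i]
    }'
}

# $1: single-label name; stdin: search domains. Prints the fully qualified
# candidates a resolver walking the whole list would try, in order.
candidates() {
    while read -r dom; do
        if [ -n "$dom" ]; then printf '%s.%s\n' "$1" "$dom"; fi
    done
}

# $1: single-label name; stdin: `resolvectl status` text.
# Prints "ok" if the short name resolves, "skipped:<fqdn>" if it fails while a
# search-list candidate resolves when fully qualified, else "none-exist".
check_search_list() {
    doms=$(search_domains)
    if $RESOLVE "$1" >/dev/null 2>&1; then echo ok; return 0; fi
    for fqdn in $(printf '%s\n' "$doms" | candidates "$1"); do
        if $RESOLVE "$fqdn" >/dev/null 2>&1; then echo "skipped:$fqdn"; return 1; fi
    done
    echo none-exist
}

# Live run only when a short name is given, e.g.: ./check.sh ns1
if [ -n "${1:-}" ] && command -v resolvectl >/dev/null 2>&1; then
    resolvectl status | check_search_list "$1"
fi
```

The fully qualified candidates are multi-label names, which systemd-resolved does not suffix with search domains, so each one tests a single expansion in isolation.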

#2 Today 17:27:38

topcat01
Member
Registered: 2019-09-17
Posts: 238

Re: Search domain resolution broken in systemd 258
