[systemd-devel] spurious failures of resolved

Mantas Mikulėnas grawity at gmail.com
Thu Sep 24 15:03:32 UTC 2020


On Thu, Sep 24, 2020 at 2:45 PM Roman Odaisky <roma at qwertty.com> wrote:

> Hi,
>
> I have the following resolved configuration:
>
> [Resolve]
> DNS=8.8.8.8 8.8.4.4
> Domains=~.
>
> and the following resolvectl output:
>
> Link 76 (usb0)
>       Current Scopes: DNS
> DefaultRoute setting: yes
>        LLMNR setting: yes
> MulticastDNS setting: no
>   DNSOverTLS setting: no
>       DNSSEC setting: no
>     DNSSEC supported: no
>   Current DNS Server: 192.168.42.129
>          DNS Servers: 192.168.42.129
>           DNS Domain: ~.
>
> Link 2 (wlp59s0)
>       Current Scopes: DNS
> DefaultRoute setting: yes
>        LLMNR setting: yes
> MulticastDNS setting: no
>   DNSOverTLS setting: no
>       DNSSEC setting: no
>     DNSSEC supported: no
>   Current DNS Server: <an IP address>
>          DNS Servers: <an IP address>
>                       <an IP address>
>           DNS Domain: ~.
>
> The default route is via usb0. The wlp59s0 link is faulty (that’s why I’ve
> resorted to USB tethering). The DNS servers provided by DHCP for that link use
> public IP addresses yet decline to provide services for clients outside that
> ISP, with responses like this:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18189
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 2800
> ;; QUESTION SECTION:
> ;freedesktop.org.               IN      A
>
> (note it’s not an NXDOMAIN)
>
> The second IP address is more honest and sets status: REFUSED.
>
> This situation results in the following behavior: if I query some domain, it
> always fails for the first time then works afterwards.
>
> $ resolvectl query google.com.uy
> google.com.uy: resolve call failed: 'google.com.uy' does not have any RR of the requested type
>
> $ resolvectl query google.com.uy
> google.com.uy: 172.217.169.163                 -- link: usb0
>
> -- Information acquired via protocol DNS in 5.8ms.
> -- Data is authenticated: no
>
> Did I misconfigure something? Did I misread resolved.conf(5) which states “Use
> the construct "~." to use the system DNS server defined with DNS= preferably
> for all domains”? Is there a bug?
>

You have "~." for the global config, but your NetworkManager or something
also sets "~." for each of your two links, so all those settings are back
to being the same priority again.

-- 
Mantas Mikulėnas
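
Added example, not part of the original message: a small check for the condition described in the reply, parsing `resolvectl status` text and listing every scope that carries the `~.` routing domain together with its DNS servers. The function names are hypothetical; the sample input is constructed from the output quoted in the thread, with an assumed Global block and placeholder 192.0.2.x addresses in place of the elided ones.

```python
import re

# Constructed sample: link blocks follow the output quoted in the thread
# (trimmed); the Global block and the 192.0.2.x addresses are assumptions.
SAMPLE = """\
Global
         DNS Servers: 8.8.8.8
                      8.8.4.4
          DNS Domain: ~.

Link 76 (usb0)
         DNS Servers: 192.168.42.129
          DNS Domain: ~.

Link 2 (wlp59s0)
         DNS Servers: 192.0.2.53
                      192.0.2.54
          DNS Domain: ~.
"""

HEADER = re.compile(r"^(Global|Link \d+ \((?P<ifname>[^)]+)\))\s*$")
# Keys hold only letters, dots and spaces, so an IPv6 address on a
# continuation line is never mistaken for a "key: value" field.
FIELD = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z. ]*):(?:\s+(?P<val>.*))?$")


def parse_scopes(text):
    """Return {scope name: {field: [values]}} from `resolvectl status` text."""
    scopes, current, last = {}, None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = scopes.setdefault(m["ifname"] or "Global", {})
            last = None
        elif current is None or not line.strip():
            continue
        elif m := FIELD.match(line):
            last = current.setdefault(m["key"], [])
            last.extend((m["val"] or "").split())
        elif last is not None:  # indented continuation of the previous field
            last.extend(line.split())
    return scopes


def catch_all_scopes(text):
    """Map each scope that lists the routing domain ~. to its DNS servers."""
    return {name: f.get("DNS Servers", [])
            for name, f in parse_scopes(text).items()
            if "~." in f.get("DNS Domain", [])}
```

More than one key in the result means the global `~.` setting is tied with per-link ones, which is the situation the reply points out.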